Threat Express

Pinned Repositories

aggressor-scripts
Cobalt Strike Aggressor Scripts
Language:JavaScript138 6 023
cs2modrewrite
Convert Cobalt Strike profiles to modrewrite scripts
Language:Python574 20 4111
domainhunter
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
Language:Python1.5k 60 25287
malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
1.6k 44 12291
metatwin
The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.
Language:HTML326 13 467
pasties
A collection of random bits of information common to many individual penetration tests, red teams, and other assessments
Language:Shell107 9 033
random_c2_profile
Cobalt Strike random C2 Profile generator
Language:Python617 13 687
red-team-scripts
A collection of Red Team focused tools, scripts, and notes
Language:PowerShell1.1k 53 1191
subshell
SubShell is a python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interface to the remote webshells.
Language:Python72 7 015
tinyshell
Language:Python166 11 136

Threat Express's Repositories

threatexpress/malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
1.6k 44 12291
threatexpress/domainhunter
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
Language:Python1.5k 60 25287
threatexpress/red-team-scripts
A collection of Red Team focused tools, scripts, and notes
Language:PowerShell1.1k 53 1191
threatexpress/random_c2_profile
Cobalt Strike random C2 Profile generator
Language:Python617 13 687
threatexpress/cs2modrewrite
Convert Cobalt Strike profiles to modrewrite scripts
Language:Python574 20 4111
threatexpress/metatwin
The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.
Language:HTML326 13 467
threatexpress/tinyshell
Language:Python166 11 136
threatexpress/aggressor-scripts
Cobalt Strike Aggressor Scripts
Language:JavaScript138 6 023
threatexpress/pasties
A collection of random bits of information common to many individual penetration tests, red teams, and other assessments
Language:Shell107 9 033
threatexpress/subshell
SubShell is a python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interface to the remote webshells.
Language:Python72 7 015
threatexpress/threatbox
ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.
Language:Smarty71 5 112
threatexpress/invoke-pipeshell
SMB Named Pipe shell
Language:PowerShell63 3 015
threatexpress/portplow
PortPlow is a distributed port and system scanning & enumeration service. It enables the quick and automated enumeration of ports and services from multiple systems managed by a central console.
Language:JavaScript53 4 010
threatexpress/persistence-aggressor-script
initial commit
41 4 07
threatexpress/edc
Event Data Collector
Language:Python35 3 07
threatexpress/mythic2modrewrite
Generate Apache mod_rewrite rules for Mythic C2 profiles
Language:Python26 2 03
threatexpress/threat-mitigation
Threat Mitigation Strategies
23 2 010
threatexpress/procdot_sandbox
ProcDot Malware Sandbox
Language:Python21 4 06
threatexpress/cobaltstrike_payload_generator
Quickly generate every payload type for each listener and optionally host via HTTP.
15 1 03
threatexpress/redteamguide
Home of https://redteam.guide
Language:JavaScript11 1 07
threatexpress/threatexpress
Language:HTML11 5 04
threatexpress/tools
Tools
1 3 0