Documentation
There is no documentation for this package.
Directories
Path | Synopsis |
---|---|
cmd | |
access-chrome-breakout-root | Simulates an overflow where Google Chrome spawns a shell [T1189] |
cnc-dns-over-https | Simulates C&C discovery via DNS over HTTPS (ala Godlua) |
cnc-resolve-random | Simulates C&C discovery via randomized hostname lookups (ala Aquatic Panda) |
creds-browser-cookies | Simulates theft of web session cookies [T1539] |
creds-gcp-exfil | Simulates theft of GCP credentials [1552.001, T15060.002] |
creds-keylogger-root | Simulate theft of credentials via key logging [T1056] |
creds-packet-sniffer-root | Simulates theft of credentials via network sniffing [T1040] |
creds-ssh-exfil | Simulates theft of GCP credentials [1552.001, T15060.002] |
evade-deleted-service | Simulates a service run by a binary which no longer exists |
evade-masquerade-kernel-thread-root | Simulates process masquerading as a kernel thread [T1036.004] |
evade-masquerade-user | Simulates process masquerading as another user process [T1036.004] |
evade-shell-history | Simulates attack cleanup via bash_history truncation [T1070.003] |
evade-tools-in-var-tmp-hidden | Simulates tool transfer using curl & running from /var/tmp/. |
evade-usr-bin-exec-root | Simulates malicious program installing itself into /usr/bin [T1036.005] |
exec-bash-reverse-shell | Launches a temporary reverse shell using bash |
exec-curl-to-hidden-url | Simulates tool transfer using curl to a hidden directory [T1036.005] |
exec-drop-eicar | Simulates dropping a known virus signature (EICAR) onto filesystem |
exec-linpeas | Downloads and launches LinPEAS |
exec-netcat-listen | Launches netcat to listen on a port [T1059.004] |
exec-python-reverse-shell | Launches a temporary reverse shell using Python |
exec-traitor-vuln-probe | Simulates probing system for privilege escalation vulns |
exec-upx-listener-root | New unsigned obfuscated binary listening from a hidden directory as root |
hidden-listener | New unsigned binary listening from a hidden directory |
persist-iptables-root | Simulates attacker making iptables changes to allow incoming traffic |
persist-launchd-com-apple-root | Simulates persistence via a fake unsigned Apple launchd service |
persist-user-crontab-reboot | Simulates a command inserting itself into the user crontab for persistence |
privesc-traitor-dirty-pipe | Simulate CVE-2022-0847 (Dirty pipe) to escalate user privileges to root |
privesc-traitor-docker-socket | Simulates using Docker sockets to escalate user privileges to root |
pypi-supply-chain | Simulates a PyPI supply chain attack using a modified real-world sample |
pkg | |