Tool to download, install, and run macOS capable command & control servers (i.e., C2s with macOS payloads/clients) as docker containers from a list of options. This is helpful for automating C2 server setup.
☆19Dec 29, 2020Updated 5 years ago
Alternatives and similar repositories for C2_Cradle
Users that are interested in C2_Cradle are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Simple CLI utility to save off an image from every webcam hooked into a mac☆14May 20, 2021Updated 4 years ago
- ☆15May 26, 2021Updated 4 years ago
- Scripts to automate standing up C2 infra with firewall settings inside of DigitalOcean.☆18Feb 5, 2021Updated 5 years ago
- Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.☆23Apr 22, 2021Updated 4 years ago
- Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers.☆47Feb 17, 2021Updated 5 years ago
- A tool to sync mythic events with ghostwriter oplog.☆14Nov 21, 2024Updated last year
- PoC of macho loading from memory☆58Nov 18, 2024Updated last year
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- Simple Shellcode development/injection on macOS☆11Nov 6, 2017Updated 8 years ago
- Caesar-Cipher based encryption☆29Mar 1, 2021Updated 5 years ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts.☆44Oct 31, 2020Updated 5 years ago
- ☆34Apr 5, 2017Updated 8 years ago
- Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens☆48Apr 15, 2021Updated 4 years ago
- Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, lo…☆81Aug 12, 2025Updated 7 months ago
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆19Jun 24, 2021Updated 4 years ago
- Objective C dylibHijackScanner and analysis tool☆40Jul 12, 2023Updated 2 years ago
- Mach Fuzzing Tools☆32Oct 24, 2013Updated 12 years ago
- Bash tool used for proactive detection of malicious activity on macOS systems.☆39Sep 29, 2025Updated 5 months ago
- If you have any questions, please open an issue.☆25Apr 6, 2022Updated 3 years ago
- ☆18Jul 3, 2020Updated 5 years ago
- Penetration testing “drop box”☆14Sep 12, 2018Updated 7 years ago
- A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…☆19Mar 1, 2021Updated 5 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once☆23Jul 14, 2022Updated 3 years ago
- Generate droppers with encrypted payloads automatically.☆54Nov 16, 2021Updated 4 years ago
- JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.☆40Apr 20, 2022Updated 3 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- Inject a DyLib to an existing Mach-O file☆23Oct 20, 2015Updated 10 years ago
- Swift code to programmatically perform dylib injection☆53Oct 29, 2022Updated 3 years ago
- ☆25May 13, 2019Updated 6 years ago
- DLL hijacking vulnerability scanner and PE infector tool☆20Sep 8, 2017Updated 8 years ago
- DeepSea Phishing Gear☆122Jul 20, 2020Updated 5 years ago
- Apfell POC Chrome Extension Payload☆10Jun 24, 2020Updated 5 years ago
- OrFinder is a tool which scan the internet to find open relay SMTPs☆15Aug 7, 2017Updated 8 years ago
- MacOS C2 Framework☆85Sep 2, 2021Updated 4 years ago
- This repository contains the technique presented at SOCON2025 for stealing cookies silently from MacOS Sequoia with only root privileges☆12Mar 27, 2025Updated 11 months ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- Enumerate Location Services using CoreLocation API on macOS☆18Dec 2, 2021Updated 4 years ago