JavaScript beacons and C2 to be used for XSS payload or post exploitation implants on webapp servers or desktop software to monitor users and maintain persistence. Browser extension, electron app, and node/bun app implants are included.
☆466Jun 15, 2026Updated 2 weeks ago
Alternatives and similar repositories for JS-Tap
Users that are interested in JS-Tap are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆475Aug 2, 2024Updated last year
- An interactive shell to spoof some LOLBins command line☆187Jan 27, 2024Updated 2 years ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆76Feb 9, 2024Updated 2 years ago
- An App Domain Manager Injection DLL PoC on steroids☆214Dec 14, 2023Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆285Sep 18, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- .NET assembly loader with patchless AMSI and ETW bypass☆386Apr 19, 2023Updated 3 years ago
- Dump cookies and credentials directly from Chrome/Edge process memory☆1,469Apr 9, 2026Updated 2 months ago
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,885Nov 3, 2024Updated last year
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆284Feb 24, 2025Updated last year
- ☆570Mar 28, 2024Updated 2 years ago
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,199Oct 16, 2023Updated 2 years ago
- Collection of UAC Bypass Techniques Weaponized as BOFs☆637Feb 21, 2024Updated 2 years ago
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆596Mar 19, 2024Updated 2 years ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆361Nov 19, 2024Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A beacon object file implementation of PoolParty Process Injection Technique.☆451Dec 21, 2023Updated 2 years ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege☆227Nov 23, 2023Updated 2 years ago
- Escalate Service Account To LocalSystem via Kerberos☆404Sep 14, 2023Updated 2 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆626Jan 2, 2025Updated last year
- Shellcode encryptor & obfuscator tool☆1,027May 23, 2026Updated last month
- Library of BOFs to interact with SQL servers☆242Dec 3, 2025Updated 7 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆441Feb 11, 2024Updated 2 years ago
- ↕️🤫 Stealth redirector for your red team operation security☆1,090Jun 1, 2026Updated last month
- Generate an obfuscated DLL that will disable AMSI & ETW☆334Jul 15, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆251Jun 11, 2024Updated 2 years ago
- Use ESC1 to perform a makeshift DCSync and dump hashes☆211Nov 2, 2023Updated 2 years ago
- ☆344Jun 24, 2026Updated last week
- A round-trip obfuscated HTTP file transfer setup built to bypass IDS detections.☆282May 10, 2024Updated 2 years ago
- Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in…☆516Aug 7, 2024Updated last year
- ☆138Dec 4, 2023Updated 2 years ago
- ☆248May 5, 2024Updated 2 years ago
- Bypassing UAC with SSPI Datagram Contexts☆469Sep 24, 2023Updated 2 years ago
- ☆103Oct 7, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆326Apr 12, 2024Updated 2 years ago
- Okta Verify and Okta FastPass Abuse Tool☆343Sep 4, 2024Updated last year
- This repository implements Threadless Injection in C☆172Dec 23, 2023Updated 2 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆313Dec 9, 2023Updated 2 years ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆633Jun 25, 2024Updated 2 years ago
- Azure DevOps Services Attack Toolkit☆317Mar 15, 2025Updated last year