Proof of concept: using a Cloudflare worker for AITM attacks
☆140Jan 28, 2025Updated last year
Alternatives and similar repositories for AITMWorker
Users that are interested in AITMWorker are comparing it to the libraries listed below
Sorting:
- Azure AiTM Function PoC to phish Entra ID Credentials☆28Nov 21, 2025Updated 3 months ago
- Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …☆18Apr 4, 2023Updated 2 years ago
- Evilginx Phishing Infrastructure Setup Guide - Securing Evilginx and Gophish Infrastructure, Removing IOCs, Phishing TTPs☆543Jun 3, 2025Updated 9 months ago
- Bounces when a fish bites - Evilginx database monitoring with exfiltration automation☆182Jun 9, 2024Updated last year
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI☆1,033Dec 31, 2025Updated 2 months ago
- Slides and Codes used for the workshop Red Team Infrastructure Automation☆193Apr 14, 2024Updated last year
- Weaponized Browser-in-the-Middle (BitM) for Penetration Testers☆609Dec 9, 2025Updated 2 months ago
- Tool to extract username and password of current user from PanGPA in plaintext☆89Dec 23, 2024Updated last year
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 4 months ago
- Abusing Azure services over C2☆367Jan 20, 2026Updated last month
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …☆382Jan 23, 2025Updated last year
- A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented b…☆441May 29, 2024Updated last year
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆79Aug 5, 2024Updated last year
- ☆121Nov 21, 2024Updated last year
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆323Oct 12, 2025Updated 4 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆779Jan 26, 2026Updated last month
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆237Aug 25, 2024Updated last year
- BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en…☆488Updated this week
- ☆14Sep 26, 2023Updated 2 years ago
- Proof-of-concept implementation of AI-enabled postex DLLs☆54Sep 10, 2025Updated 5 months ago
- Set of python scripts which perform different ways of command execution via WMI protocol.☆165Jun 29, 2023Updated 2 years ago
- ☆568Mar 28, 2024Updated last year
- ☆102Oct 27, 2022Updated 3 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆677Aug 15, 2025Updated 6 months ago
- Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…☆1,100Feb 20, 2026Updated 2 weeks ago
- Remote operations commands implemented using Beacon Object Files☆1,120Feb 23, 2026Updated last week
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- Linux CS bypass technique☆32Feb 4, 2025Updated last year
- Identify the attack paths in BloodHound breaking your AD tiering☆326Nov 6, 2022Updated 3 years ago
- Nameless C2 - A C2 with all its components written in Rust☆283Sep 26, 2024Updated last year
- Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling☆1,263Mar 19, 2025Updated 11 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆424Sep 29, 2025Updated 5 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆382Dec 13, 2024Updated last year
- A Post-exploitation Toolset for Interacting with the Microsoft Graph API☆1,256Jul 22, 2025Updated 7 months ago
- A simple to use single-include Windows API resolver☆23Jul 9, 2024Updated last year
- ☆124May 12, 2021Updated 4 years ago