We are happy to share a number of tools with the public. For the latest information and versions, please check us out on GitHub. We welcome and encourage contributions to our public tools.


LRQA Nettitude’s PoshC2 is a PowerShell based Command & Control system designed for ease of use, extensibility and reliability.


Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell. SharpSocks can be used with any C2 framework.


Pbind was created to overcome lateral movement problems, specifically in restricted environments where the server VLAN could not directly talk to the user VLAN.

RunPE (Process Hiving)

RunPE is a .NET assembly that uses a technique called Process Hiving to manually load an unmanaged executable into memory along with all its dependencies, run that executable with arguments passed at runtime, including capturing any output, before cleaning up and restoring memory to hide any trace that it was run.


MalSCCM takes some of the functionality of PowerSCCM and enhances it, making it more appropriate for Command and Control usage.


SharpWSUS is a .NET exploitation tool which allows red teamers to laterally move via Windows updates. It builds on existing tools to allow easy use over C2 channels.


An IE Post Exploitation Library that can be used standalone or with C2 frameworks.

PowerThIEf works with Internet Explorer.

XSS Payloads

Fire something more meaningful than alert(1) at your victims!  This repository is frequently updated with new attacks.


Scrounger is a modular tool designed to perform the routine tasks required during a mobile application security assessment. Supports iOS and Android.


ZeroPress provides a way to quickly catch critical impact ‘low hanging fruit’ vulnerabilities in WordPress. Useful for web application penetration tests.

Microsoft Logparser Query Files

A set of queries for sysmon log files that will process each of the Event types that sysmon records.


A useful command line data harvesting tool to help alleviate some of the more time consuming reconnaissance tasks.


Rocktastic is a word list of over one billion words and is based on real passwords and patterns observed in the wild.