Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/boh/RedCsharp
Collection of C# projects. Useful for pentesting and redteaming.
https://github.com/boh/RedCsharp
Last synced: 21 days ago
JSON representation
Collection of C# projects. Useful for pentesting and redteaming.
- Host: GitHub
- URL: https://github.com/boh/RedCsharp
- Owner: boh
- Created: 2020-04-01T18:25:02.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-10-19T18:29:59.000Z (about 1 year ago)
- Last Synced: 2024-08-05T17:42:18.159Z (4 months ago)
- Homepage:
- Size: 90.8 KB
- Stars: 285
- Watchers: 7
- Forks: 46
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - boh/RedCsharp - Collection of C# projects. Useful for pentesting and redteaming. (Others)
README
# RedCsharp
![Build](https://github.com/boh/RedCsharp/workflows/Build/badge.svg)
## Offensive C# tools
* [CasperStager](https://github.com/ustayready/CasperStager)
* PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.
* [CSExec](https://github.com/malcomvetter/CSExec)
* An implementation of PSExec in C#
* [CSharpCreateThreadExample](https://github.com/djhohnstein/CSharpCreateThreadExample)
* C# code to run PIC using CreateThread
* [CSharpScripts](https://github.com/Arno0x/CSharpScripts)
* Collection of C# scripts
* [CSharpSetThreadContext](https://github.com/djhohnstein/CSharpSetThreadContext)
* C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThread Context to evade Get-InjectedThread
* [CSharpWinRM](https://github.com/mez-0/CSharpWinRM)
* .NET 4.0 WinRM API Command Execution
* [PrintNightmare in CSharp](https://github.com/cube0x0/CVE-2021-1675)
* C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
* [DnsCache](https://github.com/malcomvetter/DnsCache)
* This is a reference example for how to call the Windows API to enumerate cached DNS records in the Windows resolver. Proof of concept or pattern only.
* [EDD](https://github.com/RedSiege/EDD)
* Enumerate Domain Data is designed to be similar to PowerView but in .NET.
* [Farmer](https://github.com/mdsecactivebreach/Farmer)
* Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.
* [FreshCookees](https://github.com/P1CKLES/FreshCookees)
* C# .NET 3.5 tool that keeps proxy auth cookies fresh by maintaining a hidden IE process that navs to your hosted auto refresh page. Uses WMI event listeners to monitor for InstanceDeletionEvents of the Internet Explorer process, and starts a hidden IE process via COM object if no other IE processes are running.
* [](https://github.com/Apr4h/GetInjectedThreads)
* C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
* [GoldenTicket](https://github.com/ZeroPointSecurity/GoldenTicket)
* This .NET assembly is specifically designed for creating Golden Tickets. It has been built with a custom version of SharpSploit and an old 2.0 alpha (x64) version of Powerkatz.
* [Grouper2](https://github.com/l0ss/Grouper2)
* Find vulnerabilities in AD Group Policy
* [HTTPS_CSharp_Server](https://github.com/secdev-01/HTTPS_CSharp_Server)
* Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C# xref.
* [Inception](https://github.com/two06/Inception)
* Provides In-memory compilation and reflective loading of C# apps for AV evasion.
* [InveighZero](https://github.com/Kevin-Robertson/InveighZero)
* Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 spoofer/man-in-the-middle tool
* [KittyLitter ](https://github.com/djhohnstein/KittyLitter)
* Credential Dumper. It is comprised of two components, KittyLitter.exe and KittyScooper.exe. This will bind across TCP, SMB, and MailSlot channels to communicate credential material to lowest privilege attackers.
* [KRBUACBypass](https://github.com/wh0amitz/KRBUACBypass/)
* UAC Bypass By Abusing Kerberos Tickets
* [LittleCorporal](https://github.com/connormcgarr/LittleCorporal)
* LittleCorporal: A C# Automated Maldoc Generator
* [Lockless](https://github.com/GhostPack/Lockless)
* Lockless allows for the copying of locked files.
* [MaliciousClickOnceMSBuild](https://github.com/hausec/MaliciousClickOnceMSBuild)
* Basic C# Project that will take an MSBuild payload and run it with MSBuild via ClickOnce.
* [Minidump](https://github.com/3xpl01tc0d3r/Minidump)
* The program is designed to dump full memory of the process by specifing process name or process id.
* [MiscTools](https://github.com/rasta-mouse/MiscTools)
* Miscellaneous Tools
* [NamedPipes](https://github.com/malcomvetter/NamedPipes)
* A pattern for client/server communication via Named Pipes via C#
* [nopowershell](https://github.com/bitsadmin/nopowershell)
* PowerShell rebuilt in C# for Red Teaming purposes
* [OffensiveCSharp](https://github.com/matterpreter/OffensiveCSharp)
* Collection of Offensive C# Tooling
* [PurpleSharp](https://github.com/mvelazc0/PurpleSharp)
* PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments.
* [Reg_Built](https://github.com/P1CKLES/Reg_Built)
* C# Userland Registry RunKey persistence
* [RemoteProcessInjection](https://github.com/Mr-Un1k0d3r/RemoteProcessInjection)
* C# remote process injection utility for Cobalt Strike
* [Rubeus](https://github.com/GhostPack/Rubeus)
* Rubeus is a C# toolset for raw Kerberos interaction and abuses.
* RunProcessAsTask
* [RunasCs](https://github.com/antonioCoco/RunasCs)
* RunasCs - Csharp and open version of windows builtin runas.exe
* [RunSharp](https://github.com/fullmetalcache/RunSharp)
* Simple program that allows you to run commands as another user without being prompted for their password. This is useful in cases where you don't always get feedback from a prompt, such as the case with some remote shells.
* [SafetyDump](https://github.com/m0rv4i/SafetyDump)
* SafetyDump is an in-memory process memory dumper.
* [SafetyKatz](https://github.com/GhostPack/SafetyKatz)
* SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Loader
* [Seatbelt](https://github.com/GhostPack/Seatbelt)
* Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
* [self-morphing-csharp-binary](https://github.com/bytecode77/self-morphing-csharp-binary)
* C# binary that mutates its own code, encrypts and obfuscates itself on runtime
* [Sharp-InvokeWMIExec](https://github.com/TheWover/Sharp-InvokeWMIExec)
* A native C# conversion of Kevin Robertsons Invoke-WMIExec powershell script
* [Sharp-Suite](https://github.com/rvrsh3ll/Sharp-Suite)
* fork of FuzzySecurity/Sharp-Suite
* [SharpAdidnsdump](https://github.com/b4rtik/SharpAdidnsdump)
* c# implementation of Active Directory Integrated DNS dumping (authenticated user)
* [SharpAppLocker](https://github.com/Flangvik/SharpAppLocker)
* C# port of the Get-AppLockerPolicy PS cmdlet
* [SharpAttack](https://github.com/jaredhaight/SharpAttack)
* SharpAttack is a console for certain things I use often during security assessments. It leverages .NET and the Windows API to perform its work. It contains commands for domain enumeration, code execution, and other fun things.
* [SharpBlock](https://github.com/CCob/SharpBlock)
* A method of bypassing EDR's active projection DLL's by preventing entry point exection
* [SharpCat](https://github.com/OG-Sadpanda/SharpCat)
* C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly
* [SharpClipboard](https://github.com/slyd0g/SharpClipboard)
* C# Clipboard Monitor
* [SharpClipHistory](https://github.com/FSecureLABS/SharpClipHistory)
* SharpClipHistory is a .NET application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build.
* [SharpCloud](https://github.com/chrismaddalena/SharpCloud)
* Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.
* [SharpCOM](https://github.com/rvrsh3ll/SharpCOM)
* CSHARP DCOM Fun
* [SharpCompile](https://github.com/SpiderLabs/SharpCompile)
* SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike.
* [SharpCradle](https://github.com/anthemtotheego/SharpCradle)
* SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.
* [SharpDomainSpray](https://github.com/HunnicCyber/SharpDomainSpray)
* Basic password spraying tool for internal tests and red teaming
* [SharpDoor](https://github.com/infosecn1nja/SharpDoor)
* SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
* [SharpDPAPI](https://github.com/GhostPack/SharpDPAPI)
* SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
* [SharpDump](https://github.com/GhostPack/SharpDump)
* SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
* [SharpDXWebcam](https://github.com/snovvcrash/SharpDXWebcam)
* The DirectX and DShowNET assemblies to record video from the host's webcam
* [SharpEdge](https://github.com/rvrsh3ll/SharpEdge)
* C# Implementation of Get-VaultCredential
* [SharpHook](https://github.com/IlanKalendarov/SharpHook)
* SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials.
* [SharpChisel](https://github.com/shantanu561993/SharpChisel)
* C# Wrapper around Chisel from https://github.com/jpillora/chisel
* [SharPersist](https://github.com/fireeye/SharPersist)
* Windows persistence toolkit written in C#.
* [SharpExcelibur](https://github.com/OG-Sadpanda/SharpExcelibur)
* Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly
* [SharpExec](https://github.com/anthemtotheego/SharpExec)
* SharpExec is an offensive security C# tool designed to aid with lateral movement. WMIExec. SMBExec. PSExec. WMI.
* [SharpFiles](https://github.com/fullmetalcache/SharpFiles)
* C# program that takes in the file output from PowerView's Invoke-ShareFinder and will search through the network shares for files containing terms that you specify.
* [SharpFinder](https://github.com/s0lst1c3/SharpFinder)
* Searches for files matching specific criteria on readable shares within the domain.
* [SharpFruit](https://github.com/rvrsh3ll/SharpFruit)
* A C# penetration testing tool to discover low-haning web fruit via web requests.
* [SharpGPOAbuse](https://github.com/FSecureLABS/SharpGPOAbuse)
* application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
* [SharpHide](https://github.com/outflanknl/SharpHide)
* Tool to create hidden registry keys.
* [SharpInvoke-SMBExec](https://github.com/checkymander/Sharp-SMBExec)
* SMBExec C# module
* [SharpLoadImage](https://github.com/b4rtik/SharpLoadImage)
* Hide .Net assembly into png images
* [SharpLocker](https://github.com/Pickfordmatt/SharpLocker)
* SharpLocker helps get current user credentials by popping a fake Windows lock screen, all output is sent to Console which works perfect for Cobalt Strike.
* [SharpLoginPrompt](https://github.com/shantanu561993/SharpLoginPrompt)
* This Program creates a login prompt to gather username and password of the current user.
* [SharpLogger](https://github.com/djhohnstein/SharpLogger)
* Keylogger written in C#
* [SharpMapExec](https://github.com/cube0x0/SharpMapExec)
* A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements.
* [SharpNeedle](https://github.com/ChadSki/SharpNeedle)
* Inject C# code into a running process. Note: SharpNeedle currently only supports 32-bit processes.
* [SharpMove](https://github.com/0xthirteen/SharpMove)
* .NET Project for performing Authenticated Remote Execution (WMI, SCM, DCOM, Task Scheduler, Service DLL Hijack, DCOM Server Hijack, Modify Scheduled Task, Modify Service binpath)
* [SharpPack](https://github.com/mdsecactivebreach/SharpPack)
* An Insider Threat Toolkit. SharpPack is a toolkit for insider threat assessments that lets you defeat application whitelisting to execute arbitrary DotNet and PowerShell tools.
* [sharppcap](https://github.com/chmorgan/sharppcap)
* Official repository - Fully managed, cross platform (Windows, Mac, Linux) .NET library for capturing packets
* [SharpPrinter](https://github.com/rvrsh3ll/SharpPrinter)
* Discover Printers
* [SharpRelay](https://github.com/pkb1s/SharpRelay)
* Relay hashes over CobaltStrike beacon and impacket ntlmrelayx.py.
* [SharpRoast](https://github.com/GhostPack/SharpRoast)
* SharpRoast is a C# port of various PowerView's Kerberoasting functionality.
* [SharpShares](https://github.com/djhohnstein/SharpShares)
* Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
* [SharpSC](https://github.com/djhohnstein/SharpSC)
* Simple .NET assembly to interact with services.
* [SharpSniper](https://github.com/HunnicCyber/SharpSniper)
* Find specific users in active directory via their username and logon IP address
* [SharpSocks]( https://github.com/nettitude/SharpSocks)
* Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
* [SharpSphere](https://github.com/JamesCooteUK/SharpSphere)
* .NET Project for Attacking vCenter
* [SharpSploit](https://github.com/cobbr/SharpSploit)
* SharpSploit is a .NET post-exploitation library written in C# https://sharpsploit.cobbr.io/api/
* [SharpSpray](https://github.com/jnqpblc/SharpSpray)
* SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
* [SharpSSDP](https://github.com/rvrsh3ll/SharpSSDP)
* SSDP Service Discovery
* [SharpSQL](https://github.com/mlcsec/SharpSQL)
* Simple C# implementation of PowerUpSQL.
* [SharpSystemTriggers](https://github.com/cube0x0/SharpSystemTriggers)
* Collection of remote authentication triggers in C#
* [SharpSword](https://github.com/OG-Sadpanda/SharpSword)
* Read the contents of DOCX files using Cobalt Strike's Execute-Assembly
* [SharpTask](https://github.com/jnqpblc/SharpTask)
* SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
* [SharpTerminator](https://github.com/mertdas/SharpTerminator)
* Terminate AV/EDR Processes using kernel driver
* [SharpView](https://github.com/tevora-threat/SharpView)
* C# implementation of harmj0y's PowerView
* [SharpWeb](https://github.com/djhohnstein/SharpWeb)
* .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
* [SharpWMI]( https://github.com/GhostPack/SharpWMI)
* SharpWMI is a C# implementation of various WMI functionality.
* [SharPyShell](https://github.com/antonioCoco/SharPyShell )
* SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
* [SharpZeroLogon](https://github.com/nccgroup/nccfsas/)
* This is an exploit for CVE-2020-1472, a.k.a. Zerologon.
* [SilkETW](https://github.com/fireeye/SilkETW)
* SilkETW & SilkService are flexible C# wrappers for ETW, they are meant to abstract away the complexities of ETW and give people a simple interface to perform research and introspection. While both projects have obvious defensive (and offensive) applications they should primarily be considered as research tools.
* [SneakyService]( https://github.com/malcomvetter/SneakyService)
* A simple, minimal C# windows service implementation that can be used to demonstrate privilege escalation from misconfigured windows services.
* [SpaceRunner](https://github.com/Mr-B0b/SpaceRunner)
* This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
* [Stracciatella](https://github.com/mgeeky/Stracciatella)
* OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI and Script Block Logging disabled at startup
* [taskkill](https://github.com/malcomvetter/taskkill )
* This is a reference example for how to call the Windows API to enumerate and kill a process similar to taskkill.exe. This is based on (incomplete) MSDN example code. Proof of concept or pattern only.
* [TCPRelayInjecter2](https://github.com/Arno0x/TCPRelayInjecter2)
* Tool for injecting a "TCP Relay" managed assembly into an unmanaged process.
* [TikiTorch](https://github.com/rasta-mouse/TikiTorch)
* Process Injection. The basic concept of CACTUSTORCH is that it spawns a new process, allocates a region of memory, then uses CreateRemoteThread to run the desired shellcode within that target process. Both the process and shellcode are specified by the user.
* [TrustJack](https://github.com/jfmaes/TrustJack)
* Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows.
* [Watson](https://github.com/rasta-mouse/Watson)
* Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities