Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/shadow-workers/shadow-workers
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
https://github.com/shadow-workers/shadow-workers
c2 penetration-testing-tools proxy service-worker xss-exploitation
Last synced: about 1 month ago
JSON representation
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
- Host: GitHub
- URL: https://github.com/shadow-workers/shadow-workers
- Owner: shadow-workers
- License: mit
- Created: 2019-03-28T05:16:43.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-10-03T05:33:45.000Z (about 1 year ago)
- Last Synced: 2024-08-01T10:17:14.735Z (4 months ago)
- Topics: c2, penetration-testing-tools, proxy, service-worker, xss-exploitation
- Language: JavaScript
- Homepage: https://shadow-workers.github.io
- Size: 4.05 MB
- Stars: 218
- Watchers: 9
- Forks: 46
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: MIT-LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - shadow-workers - Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW) (Exploitation / XSS Injection)
README
# Shadow Workers
[![Foo](https://rawcdn.githack.com/toolswatch/badges/master/arsenal/usa/2019.svg)](https://www.blackhat.com/us-19/arsenal/schedule/index.html#ghost-in-the-browser-backdooring-with-shadow-workers-16989)
[![Foo](https://rawcdn.githack.com/toolswatch/badges/master/arsenal/asia/2019.svg)](https://www.blackhat.com/asia-19/arsenal/schedule/index.html#ghosts-in-the-browser-backdooring-with-service-workers-14380)
## Info
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW).
A successful exploitation allows you to browse on the targeted application as the victim(s), as long as the SW (agent) is active. A victim does not have to have a browser tab open in the application for the agent to be active.## How to use
[Shadow Workers Site](https://shadow-workers.github.io)TrustedSec Blog posts on the tool:
https://www.trustedsec.com/blog/persistence-through-service-workers-part-1-introduction-and-target-application-setup
https://trustedsec.com/blog/persistence-through-service-workers-part-2-c2-setup-and-use
## Authors
* [@libnex](https://twitter.com/libnex)
* [@claudiocontin](https://twitter.com/claudiocontin)## License
This tool is released under the [MIT License](https://opensource.org/licenses/MIT).