Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shadow-workers/shadow-workers

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
https://github.com/shadow-workers/shadow-workers

c2 penetration-testing-tools proxy service-worker xss-exploitation

Last synced: 5 days ago
JSON representation

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

Awesome Lists containing this project

README

        

# Shadow Workers

[![Foo](https://rawcdn.githack.com/toolswatch/badges/master/arsenal/usa/2019.svg)](https://www.blackhat.com/us-19/arsenal/schedule/index.html#ghost-in-the-browser-backdooring-with-shadow-workers-16989)

[![Foo](https://rawcdn.githack.com/toolswatch/badges/master/arsenal/asia/2019.svg)](https://www.blackhat.com/asia-19/arsenal/schedule/index.html#ghosts-in-the-browser-backdooring-with-service-workers-14380)

## Info
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW).
A successful exploitation allows you to browse on the targeted application as the victim(s), as long as the SW (agent) is active. A victim does not have to have a browser tab open in the application for the agent to be active.

## How to use
[Shadow Workers Site](https://shadow-workers.github.io)

TrustedSec Blog posts on the tool:

https://www.trustedsec.com/blog/persistence-through-service-workers-part-1-introduction-and-target-application-setup

https://trustedsec.com/blog/persistence-through-service-workers-part-2-c2-setup-and-use

## Authors
* [@libnex](https://twitter.com/libnex)
* [@claudiocontin](https://twitter.com/claudiocontin)

## License

This tool is released under the [MIT License](https://opensource.org/licenses/MIT).