Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shadow-workers/shadow-workers

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
https://github.com/shadow-workers/shadow-workers

c2 penetration-testing-tools proxy service-worker xss-exploitation

Last synced: 5 days ago
JSON representation

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

Host: GitHub
URL: https://github.com/shadow-workers/shadow-workers
Owner: shadow-workers
License: mit
Created: 2019-03-28T05:16:43.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-10-03T05:33:45.000Z (about 1 year ago)
Last Synced: 2024-08-01T10:17:14.735Z (3 months ago)
Topics: c2, penetration-testing-tools, proxy, service-worker, xss-exploitation
Language: JavaScript
Homepage: https://shadow-workers.github.io
Size: 4.05 MB
Stars: 218
Watchers: 9
Forks: 46
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: MIT-LICENSE

Awesome Lists containing this project

awesome-bugbounty-tools - shadow-workers - Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW) (Exploitation / XSS Injection)

README

        # Shadow Workers

[![Foo](https://rawcdn.githack.com/toolswatch/badges/master/arsenal/usa/2019.svg)](https://www.blackhat.com/us-19/arsenal/schedule/index.html#ghost-in-the-browser-backdooring-with-shadow-workers-16989)

[![Foo](https://rawcdn.githack.com/toolswatch/badges/master/arsenal/asia/2019.svg)](https://www.blackhat.com/asia-19/arsenal/schedule/index.html#ghosts-in-the-browser-backdooring-with-service-workers-14380)

## Info

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW).

A successful exploitation allows you to browse on the targeted application as the victim(s), as long as the SW (agent) is active. A victim does not have to have a browser tab open in the application for the agent to be active.

## How to use

[Shadow Workers Site](https://shadow-workers.github.io)

TrustedSec Blog posts on the tool:

https://www.trustedsec.com/blog/persistence-through-service-workers-part-1-introduction-and-target-application-setup

https://trustedsec.com/blog/persistence-through-service-workers-part-2-c2-setup-and-use

## Authors

* [@libnex](https://twitter.com/libnex)

* [@claudiocontin](https://twitter.com/claudiocontin)

## License

This tool is released under the [MIT License](https://opensource.org/licenses/MIT).