Python Payloads Resources

RedDrop Exfil Server Check out the accompanying MaverisLabs Blog Post Here! RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers,

Update ! ANONFILE MIGHT NOT WORK ! About A Python Binder that merge 2 files with any extension by creating a new python file and compiling it to exe w

AnonStress Stored XSS Exploit An exploit and demonstration on how to exploit a S

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

log4j_catcher Log4j exploit catcher, detect Log4Shell exploits and try to get payloads. This is a basic python server that listen on a port and logs i

Hashgrab Generates scf, url & lnk payloads to put onto a smb share. These force authentication to an attacker machine in order to grab hashes (for exa

zip-symlink-payload-creator This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

Serverless-capture-lambda-payload-demo Serverless demo showing users how they can capture (and obfuscate) their Lambda payloads in Datadog APM This wi

AHKDuckyReplacer A simple python script to convert Rubber Ducky payloads into AutoHotKey scripts. I have also added a sample payload for testing. I wi

Goal Search, generate & deliver payloads in an quick and easy way Be as simple as possible BUT with all msfvenom payloads. Ever lost time searching th

RoProxy A Discord webhook proxy passthrough for roblox. Setup Your port and endpoint are in the config.json, make sure both app.py and config.json are

🎃 🌽 ScareCrow Cobalt Strike intergration CNA A Cobalt Strike script for ScareCrow payload generation. Works only with the binary and DLL Loader. 💣

KCMTicketFormatter This tools takes the output from https://github.com/fireeye/SSSDKCMExtractor and turns it into properly formatted CCACHE files for

Exploit Discord's cache system to hide payloads PoC Remote upload embedded payload from image using EOF to Discord users machines through cache. Depen