EN
ENNA

hoaxshell

BSD-2-Clause

🔥 Offensive Ops · Python

Hoaxshell is an unconventional Windows reverse shell that uses HTTP(S) traffic for communication, designed to be fully undetectable by Microsoft Defender. Developed in Python, it leverages web-based traffic to evade traditional detection mechanisms, making it suitable for stealthy penetration testing and red team activities. Hoaxshell is notable for its unique approach to bypassing endpoint security solutions.

3.4kstars
527forks
20issues
Updated 1y ago
View on GitHub

Tags

reverse-shellevasionwindowshttp-shellhackingopen-sourcepenetration-testingpentesting-toolspowershellpython3red-teaming

Details

Category
🔥 Offensive Ops
Language
Python
License
BSD-2-Clause
Platforms
🐧linux🪟windows

Links

GitHub Repository

github.com/t3l3machus/hoaxshell

Releases

github.com/t3l3machus/hoaxshell/releases

Issues

github.com/t3l3machus/hoaxshell/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound