TrustedSec's open source tools are created to enable developers to focus on company security. TrustedSec develops tools that are available to anyone in order to educate and move the industry ahead. See what we’ve created and how they can help you by downloading instructions or visiting our GitHub link. Get started today.

All our open source tools

Auto .SettingContent-ms

Auto .SettingContent-ms is a quick POC for using the Matt Nelson (enigma0x3) technique for generating a malicious .SettingContent-ms extension type for remote code execution.
Learn More

ConQR

ConQR is an open source ticketing system for conferences to issue QRCode's in a quick, efficient, and easy manner.
Learn More

CrackMapExec

CrackMapExec is a swiss army knife for pentesting Windows/Active Directory environments.
Learn More

Egressbuster

Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.
Learn More

hardCIDR

hardCIDR is a Linux Bash script, but also functions under macOS.
Learn More

hash_parser

hash_parser is a tool that will export a rc file compatible with Metasploit. This is useful when compromising a separate domain and want to see if any of the credentials work on another domain or other systems.
Learn More

hate_crack

hate_crack is a tool for automating cracking methodologies through Hashcat developed by the TrustedSec team.
Learn More

HoneyBadger

HoneyBadger is a collection of Metasploit modules with a plugin to help automate Post-Exploitation actions on target systems using the Metasploit Framework.
Learn More

MeterSSH

MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection.
Learn More

NPS Payload

NPS Payload will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.
Learn More

PenTesters Framework (PTF)

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.
Learn More

Pivoter

Pivoter is a proxy tool for pentesters to have easier lateral movement.
Learn More

Rid_enum

Rid_enum is a null session RID cycle attack for brute forcing domain controllers.
Learn More

Shared Host Integrated Password System (SHIPS)

SHIPS is a local super user or administrator password manager.
Learn More

SimplyEmail

SimplyEmail is simple yet effective way to get what Recon-Ng gets and theHarvester gets.
Learn More

SprayWMI

SprayWMI is an easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on a system.
Learn More

The Social-Engineer Toolkit (SET)

SET is a powerful tool for social-engineering.
Learn More

TrevorC2

TrevorC2 is a legitimate website that tunnels client/server communications for covert command execution.
Learn More

TrustedSec Attack Platform (TAP)

The TrustedSec Attack Platform (TAP) is a reliable method for droppers on an infrastructure in order to ensure established connections to an organization.
Learn More

UNICORN

UNICORN is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
Learn More

WPUpdate

WPUpdate is a simple Linux service that automatically checks for a new version of Wordpress each night at 2AM.
Learn More