Skip to content
@SpecterOps

SpecterOps

SpecterOps Open-Source Projects

SpecterOps

Slack Twitter Mastodon

At SpecterOps, we believe that we can influence our industry's maturation by contributing to the collective knowledge base. We do this by opening our ideas and hypotheses to inspection and criticism. That includes publishing our development works and contributing to the open-source community.

SpecterOps employees control their projects and maintain intellectual property rights and licenses, so most of the projects supported by SpecterOps are spread out over many individual GitHub profiles and organizations. We have organized these projects here for your perusal.

You can read more about our commitment to transparency here: A Push Toward Transparency

🔥 Featured Projects

The following projects are some larger open-source projects SpecterOps has, and continues to, sponsor and support. We hope you find them useful!

Expand

BloodHound

license Project Type Slack forks stargazers

More Info

BloodHound

BloodHound Community Edition uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.

Resource Link
GitHub https://github.com/SpecterOps/BloodHound
Homepage https://bloodhoundenterprise.io/
Documentation https://support.bloodhoundenterprise.io/

Nemesis

license Project Type Slack forks stargazers

More Info

Nemesis

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data. It ingests data from a variety of sources (C2 frameworks, manual file uploads, Chrome downloads, etc.) and performs a number of automations and analytics on the collected data. It is a SpecterOps R&D project aiming to automate a number of repetitive tasks operators encounter on engagements, empower operators' analytic capabilities and collective knowledge, and create data stores of as much operational data as possible to help guide future research and facilitate offensive data analysis.

Resource Link
GitHub https://github.com/SpecterOps/Nemesis
Homepage https://specterops.github.io/Nemesis/

Ghostwriter

license Project Type Slack forks stargazers

More Info

Ghostwriter

Ghostwriter is a part of your team. It helps you manage clients, projects, reports, and infrastructure in one application. It does not replace some of the more common or traditional project management tools, such as CRMs. Still, it does consolidate all relevant project information in a way for users to easily curate every aspect of their projects.

Resource Link
GitHub https://github.com/GhostManager/Ghostwriter
Homepage https://ghostwriter.wiki
Documentation https://www.ghostwriter.wiki/

Mythic

license Project Type Slack forks stargazers

More Info

Mythic

A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming.

Resource Link
GitHub https://github.com/its-a-feature/Mythic
Documentation https://docs.mythic-c2.net/

Merlin

license Project Type Slack forks stargazers

More Info

Merlin

Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go.

Resource Link
GitHub https://github.com/Ne0nd0g/merlin

HardHatC2

license Project Type Slack forks stargazers

More Info

HardHatC2

A C# Command & Control framework

Resource Link
GitHub https://github.com/DragoQCC/HardHatC2

SharpSCCM

license Project Type Slack forks stargazers

More Info

SharpSCCM

SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI.

Resource Link
GitHub https://github.com/Mayyhem/SharpSCCM

Misconfiguration Manager

license Project Type Slack forks stargazers

More Info

Misconfiguration Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Resource Link
GitHub https://github.com/subat0mik/Misconfiguration-Manager
Homepage https://misconfigurationmanager.com

CS2ModRewrite

license Project Type Slack forks stargazers

More Info

This project converts a Cobalt Strike profile to a functional mod_rewrite .htaccess or Nginx config file to support HTTP reverse proxy redirection to a Cobalt Strike teamserver. The use of reverse proxies provides protection to backend C2 servers from profiling, investigation, and general internet background radiation.

Resource Link
GitHub https://github.com/threatexpress/cs2modrewrite

Malleable C2

license Project Type Slack forks stargazers

More Info

Cobalt Strike Malleable C2 Design and Reference Guide

Resource Link
GitHub https://github.com/threatexpress/malleable-c2

SharpRDP

license Project Type Slack forks stargazers

More Info

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

Resource Link
GitHub https://github.com/0xthirteen/SharpRDP

StayKit

license Project Type Slack forks stargazers

More Info

Cobalt Strike kit for Persistence

Resource Link
GitHub https://github.com/0xthirteen/StayKit

Covenant

license Project Type Slack forks stargazers

More Info

Covenant

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.

Resource Link
GitHub https://github.com/cobbr/Covenant
Homepage https://cobbr.io/Covenant.html
Documentation https://github.com/cobbr/Covenant/wiki

SharpSploit

license Project Type Slack forks stargazers

More Info

SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.

Resource Link
GitHub https://github.com/cobbr/SharpSploit
Homepage https://sharpsploit.cobbr.io/api/

PowerSploit (Retired)

license Project Type Slack forks stargazers

More Info

PowerSploit - A PowerShell Post-Exploitation Framework

Resource Link
GitHub https://github.com/PowerShellMafia/PowerSploit

Empire (Retired)

license Project Type Slack forks stargazers

More Info

Empire

Empire is a post-exploitation framework with a pure-PowerShell 2.0 Windows agent and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptological-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015, and Python EmPyre premiered at HackMiami in 2016.

The project was retired in 2019, but the code is still available for reference. You can learn more about the end of the project here: https://mobile.twitter.com/specterops/status/1156650932421050368

Resource Link
GitHub https://github.com/EmpireProject/Empire
Homepage http://www.powershellempire.com/

💜 Other Projects

SpecterOps employees have also created and contributed to many other projects, too numerous to list in detail here. These projects are listed below, sorted by the owner's profile.

Expand

Pinned Loading

  1. presentations presentations Public

    SpecterOps Presentations

    183 39

  2. chronology chronology Public

    SpecterOps Historical Records

    12 11

Repositories

Showing 10 of 21 repositories
  • BloodHound Public

    Six Degrees of Domain Admin

    SpecterOps/BloodHound’s past year of commit activity
    Go 1,199 Apache-2.0 121 52 11 Updated Dec 14, 2024
  • AzureHound Public

    Azure Data Exporter for BloodHound

    SpecterOps/AzureHound’s past year of commit activity
    Go 579 GPL-3.0 81 10 5 Updated Dec 12, 2024
  • SharpHoundCommon Public

    Common library used by SharpHound.

    SpecterOps/SharpHoundCommon’s past year of commit activity
    C# 78 GPL-3.0 47 6 6 Updated Dec 11, 2024
  • Nemesis Public

    An offensive data enrichment pipeline

    SpecterOps/Nemesis’s past year of commit activity
    Python 625 61 3 3 Updated Dec 5, 2024
  • SpecterOps/BloodHound_CLI’s past year of commit activity
    Go 1 Apache-2.0 0 0 1 Updated Dec 3, 2024
  • SharpHound Public

    C# Data Collector for BloodHound

    SpecterOps/SharpHound’s past year of commit activity
    C# 783 GPL-3.0 178 14 4 Updated Dec 2, 2024
  • TierZeroTable Public

    Table of AD and Azure assets and whether they belong to Tier Zero

    SpecterOps/TierZeroTable’s past year of commit activity
    HTML 194 GPL-3.0 19 1 0 Updated Nov 20, 2024
  • .github Public
    SpecterOps/.github’s past year of commit activity
    Python 0 BSD-3-Clause 1 0 1 Updated Nov 18, 2024
  • terminal_sync Public Forked from breakid/terminal_sync

    A standalone tool for logging shell commands to GhostWriter automatically

    SpecterOps/terminal_sync’s past year of commit activity
    Python 1 GPL-3.0 2 0 2 Updated Nov 18, 2024
  • presentations Public

    SpecterOps Presentations

    SpecterOps/presentations’s past year of commit activity
    183 39 0 1 Updated Nov 18, 2024

Most used topics

Loading…