Skip to content

Attacks Plugins

Attacks install offensive tooling on a machine — most commonly Kali attacker workstations or dedicated C2 servers. Drop one of these on an attacker box, point it at a target lab, and you’ve got a working red-team rig.

PluginWhat it doesParamsUses
Create Cobalt Strike 4.12 TeamserverInstalls the Cobalt Strike 4.12 teamserver on a Linux host at the given static IP.StaticIP88
Install Mythic C2 and AgentsInstalls the Mythic C2 framework with 7 agents (Apollo, Poseidon, Athena, Merlin, Medusa, Apfell, Nimplant) and 6 C2 profiles. Web UI on port 7443.DesiredUsername47
Install Sliver C2 (With Full Armory)Installs Sliver C2 with pre-downloaded Armory extensions and Go/Zig toolchains for offline implant generation. Multi-OS targeting (Linux, Windows, macOS).DesiredUsername47
Install Tuoni C2Installs the Tuoni C2 framework (teamserver + web UI) on a Kali host for red-team command-and-control.DesiredUsername27
Install Havoc C2Installs the Havoc C2 framework (teamserver + client dependencies) on a Kali host for post-exploitation command-and-control.DesiredUsername25
Install Cobalt Strike ClientCopies the Cobalt Strike 4.12 client to a Linux operator desktop.elastic_server_ip4
Install EvilnoVNCInstalls the EvilnoVNC phishing platform — a noVNC-based tool that serves a real Chromium browser session to victims for 2FA bypass and live session theft.3
ics-attack-replayerInstalls tcpreplay and pyModbus on a Linux host and runs a scheduled attack cycle against configured ICS devices to generate IOCs for NSM detection exercises.ReplayInterface TargetDeviceList AttackIntervalMinutes SourceIPSpoof AttackJitterPercent PcapReplayList EnabledAttackModules ModbusWriteValueStrategy AttackWindowCron AttackStartDelayMinutes DryRunMode MaxWritesPerCycle2
Install BloodHound CEDeploys BloodHound Community Edition via Docker Compose for Active Directory attack-path analysis. Web UI on port 8080 with default admin/Password1!.DesiredUsername1
Install Chisel C2 Tunnel ServerInstalls the Chisel TCP/UDP tunneling tool from source on a Kali attacker box with a full Go build environment for reverse SOCKS5 pivoting.DesiredUsername1