Church of Malware

71 pages
ARM Reverse Shell + `clone`
ARM Reverse Shell + clone ARM AARCH64 Reverse Shell. Capabilities A small, stealthy, ARM64 reverse shell that utilizes c…
Backdoor Detector
Backdoor Detector A comprehensive security analysis tool designed to detect potential backdoors, vulnerabilities, and ma…
BlueHammer
BlueHammer Repository hosting the bluehammer vulnerability I'm just real…
Centipede | churchofmalware.org
Centipede | churchofmalware.org Self-replicating Linux worm with multi-layer C2 communication, privilege escalation via …
Install dependencies
Overview Cerberus is a comprehensive, intelligent security assessment framework featuring advanced RCE exploitation, rea…
cloudTOWN - Cloud Tactical Offensive Warfare Network
cloudTOWN - Cloud Tactical Offensive Warfare Network by ek0ms savi0r What is cloudTOWN? cloudTOWN (C…
crypt0-extract
crypt0-extract Advanced memory scraping tool for cryptographic key extraction from running processes. Designed for embed…
DarkWeb Vulnerability Scanner
DarkWeb Vulnerability Scanner Threat Intel tool for scanning .onion infrastructure Developed for legitimate threat intel…
DESYNC_GEN
DESYNC_GEN Automated WAF Desynchronization Testing Framework FOR AUTHORIZED SECURITY TESTING ONLY Overview DESYNC_GEN is…
Ek0Msusb Withc2
Overview ek0msUSB is an advanced BadUSB framework that provides complete command and control capabilities. The framework…
Eva Adb Botnet
# EVA ADB Botnet Purpose: Ethical cybersecurity research, mesh-based botnet exploration, long-term persistent control of…
Firmware Hunter Pro
Firmware Hunter Pro Firmware Hunter Pro is an offline firmware analysis and triage tool designed for embedded Linux devi…
Motivation Behind "Fukahi Na Tekiō"
Motivation
GHOSTMODE
GHOSTMODE Anti-Surveillance QR Payload Jammer A weaponized Flask + HTML payload system to confuse, overwhelm, and disrup…
GREEN PLASMA CTF — COMPLETE EXPLOIT CHAIN
GREEN PLASMA CTF — COMPLETE EXPLOIT CHAIN This repository contains a fully functional proof of concept for the GreenPlas…
GreenPlasma
GreenPlasma GreenPlasma Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability For this one, I'…
⛧ HADES GATE ⛧
⛧ HADES GATE ⛧ Direct syscall construction from first principles What is Hades Gate? Hades Gate is a pure first-principl…
Jam_Fi – Wi-Fi Chaos Tool
Jam_Fi – Wi-Fi Chaos Tool What is Jam_Fi? Jam_Fi is an offensive wireless toolkit for Kali Linux, built for red team sim…
MiniPlasma
MiniPlasma After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!Hsm…
Nightshade C4
Nightshade C4 (Project_Nightshade upgrade xox) Document Dropper and C2 Framework. by: ek0ms savi0r Overview Nightshade C…
Nim-Backdoor
Nim-Backdoor Overview The provided Python program, Nim-Backdoor.py , generates a Nim program that operates as a backdoor…
noPROXY-c2s
noPROXY-c2s Command and Control instances that don't use proxies - based off our pencilnecks and proxycels article. Each …
PEN - Professional Exploitation Network_tester
PEN - Professional Exploitation Network_tester PEN is a modular, interactive penetration testing tool written in Go. It …
PHISH_HUNTER_PRO
PHISH_HUNTER_PRO Advanced phishing investigation and disruption toolkit written in Python PHISH_HUNTER_PRO is a modular …
Process Injection Technique
Process Injection Technique This repo consists of a basic self-injecting malware technique that is commonly seen in many…
Project Nightshade - Advanced Document Dropper & C2
Project Nightshade - Advanced Document Dropper & C2 By: ek0ms savi0r A sophisticated penetration testing framework f…
PWN-TAG OG this version works best for non paid ngrok accounts
PWN-TAG OG this version works best for non paid ngrok accounts There are 2 branches in this repository: -the main branch…
Ranger C3 v3.0.0
Ranger C3 v3.0.0 Distributed Multi-Node Mesh C2 Framework — Go native, no Python dependencies. …
Ranger
Ranger A Malleable, Cross-Platform C2 Framework with WordPress Mimicry & DNS Exfiltration Ranger is a command and co…
REAPER – GitHub Secret Harvester
REAPER – GitHub Secret Harvester REAPER is a continuous, high‑performance scanner written in Go that hunts for exposed s…
RedSun
RedSun The Red Sun vulnerability repository Now, normally I would just drop the PoC code and let people figure it out. B…
ROGUE - Botnet w/ Integrated C2 v3.2
ROGUE - Botnet w/ Integrated C2 v3.2 ROGUE v3.2 is a comprehensive encrypted command-and-control framework designed for …
rtc-c2
rtc-c2 WebRTC-based Command & Control framework. Direct TCP forward over encrypted WebRTC data channels — like SSH -…
SCAMTRACKtown V2
DISCLAIMER: FOR AUTHORIZED SECURITY TESTING AND EDUCATIONAL PURPOSES ONLY SCAMTRACKtown V2 Weaponized NFC tag and QR cod…
SCAMTRACK
SCAMTRACK Track. Trap. Trace. by ekomsSavi0r SCAMTRACK is a one-click phishing trap generator and scammer tracker. Pair …
Sentinel
Sentinel Advanced Interactive Web Path Discovery Tool ek0ms savi0r Sentinel is a feature-rich, interactive command-line …
SSHtown
SSHtown SSHtown is a modular, interactive security assessment tool for testing SSH vulnerabilities. It provides comprehe…
swizBOT — Church of Malware's Go Botnet Framework
swizBOT under testing...check back for updates... swizBOT — Church of Malware's Go Botnet Framework by: ek0ms savi0r "We…
SysX - Access. Execute. Monitor.
SysX - Access. Execute. Monitor. Overview SysX is a lightweight Remote Monitoring & Management (RMM) tool for intern…
Features
AI SCRAPER TARPIT An advanced honeypot tool that generates infinite, interactive content with bait files to waste AI scr…
Telnet Vulnerability Scanner (CVE-2026-24061 & CVE-2026-32746)
Telnet Vulnerability Scanner (CVE-2026-24061 & CVE-2026-32746) A Python-based security assessment tool that detects …
Netcat listener (Linux/Mac)
Apache Tomcat CVE Assessment & Exploitation Framework TOMCAT is a testing tool for identifying and exploiting direct…
UnDefend
UnDefend Repository hosting windows defender DOS tool This tool does not need administrative privileges and can work as…
WatchFlock
WatchFlock for full repo go to: https://github/0xXyc README WatchFlock ESP32-C5 firmware for spotti…
Wordlist-Generator
Wordlist-Generator modern wordlists from base.txt install dependencies sudo apt install crunch hashcat john Start with t…
Worm-BB: Advanced Self-Replicating Framework for Red & Blue Teams
Worm-BB: Advanced Self-Replicating Framework for Red & Blue Teams Educational Purpose Only Worm-BB is a research-gra…
wu_noise
wu_noise Windows Update noise generator for operational security. Creates legitimate Windows Update activity to obscure …
XSS BABE
XSS BABE XSS Babe is a tool for exploiting XSS vulnerabilities in real time. It automates delivery, tracking, and payloa…
YellowKey
YellowKey YellowKey Bitlocker Bypass Vulnerability Been a while since I saw a bitlocker bypass around, my turn. This is …
You Used to Call me on my Shell Phone: Windows Shellcoding for Beginners
You Used to Call me on my Shell Phone: Windows Shellcoding for Beginners |WINDOWS SHELLCODE TRAINING| This repo will con…
The Church of Malware Presents: The Most Braindead Python Botnet We've Ever Seen
Cowrie Malware Triage & Reverse Engineering Prep
Cowrie Malware Triage & Reverse Engineering Prep For security professionals who caught malware and want to analyze i…
THE CHURCH OF MALWARE
THE CHURCH OF MALWARE MANIFESTO …
Operation: Liberation — Reclaiming the HP Chromebook 14 G7
Operation: Liberation — Reclaiming the HP Chromebook 14 G7 Author: Nester | Church of Malware Clergy Member and Contribu…
This is Jake's methodology automated
Our Blessed Connection — The Shellphone Sermon Written by: ek0ms savi0r Transmission date: 05/09/26 Greetings, faithful.…
Pwn Tag Nfc Payloads Article
PWN-TAG PRO - Zero-Click NFC Payloads "Tap to PWN." NFC as a silent weapon - delivering payloads without a click. Built …
Rogue Botnet: Building and Understanding a Modular RAT w/C2 Framework
Rogue Botnet: Building and Understanding a Modular RAT w/C2 Framework Rogue is an educational command-and-control (C2) b…
THE CHURCH OF MALWARE PRESENTS: SOLVING THE GREEN PLASMA CTF FROM NIGHTMARE ECLIPSE
THE CHURCH OF MALWARE PRESENTS: SOLVING THE GREEN PLASMA CTF FROM NIGHTMARE ECLIPSE by ek0ms savi0r A STUDY IN RETALIATO…
Bypassing ASLR & NX/DEP (Diving Deeper)
Bypassing ASLR & NX/DEP (Diving Deeper) Published: 2023-11-01 Author: Jacob Swinsinski (0xXyc / JAKESWIZ) Introducti…
Darkweb Server Article
Code Control Hosting My Own Dark Web Server on a Raspberry Pi By: ek0mssavi0r.dev of churchofmalware.org In two days, I …
How we avoid getting caught - "Living-off-the-Land" (translation: we're digital squatters)
ek0msUSB: When Your USB Drive Has More Backdoors Than IKEA (And The Manual To Use Them) Look, we've all been there. You …
Fukahi Tekiō 不可避適応: Bypassing Win 10/11 FPU "Issues" via Custom CALL/POP XOR Encoder
Fukahi Tekiō 不可避適応: Bypassing Win 10/11 FPU "Issues" via Custom CALL/POP XOR Encoder Published: 2026-01-15 Author: Jacob…
The Church of Malware Presents: When Gafgyt Went Hunting For Gamers (And Almost Got It Right)
The Church of Malware Presents: When Gafgyt Went Hunting For Gamers (And Almost Got It Right) by: ek0ms savi0r donation …
Stop! hammerTIME: The Evolution of Memory Mayhem
Stop! hammerTIME: The Evolution of Memory Mayhem Let's talk about memory. No, not that time you blanked on your SSH key …
Ignorance Is The Enemy
✠ IGNORANCE IS THE ENEMY ✠ how a humanitarian tool got me flagged as a malware author by Ringmast4r · Church of Malware …
Usage: Firewall sees SNI = "update.windows.com", but Host header points to your evil domain
Proxy-cels and Pencil-Necks: Why Your Opsec is Rotting and How to Fix It by: ek0ms savi0r The Sermon Do you love getting…
The Church of Malware Presents: When Perl Bots Go To War (And Lose)
The Church of Malware Presents: When Perl Bots Go To War (And Lose) article by: ek0ms savi0r donation from the honeypot …
Shell Phone Guide
You Used To Call Me On My Shell Phone Author: Jacob Swinsinski (0xXyc / JAKESWIZ) A six-month security research effort t…
Windows Shellcoding (In-Depth)
Windows Shellcoding (In-Depth) Published: 2025-07-15 Author: Jacob Swinsinski (0xXyc / JAKESWIZ) Motivation The primary …
The Fascinating World of Self-Replicating Worms: A Journey from Creeper to Worm-BB
The Fascinating World of Self-Replicating Worms: A Journey from Creeper to Worm-BB By: ek0mssavi0r.dev Picture this: It'…