Attacks Plugins
Attacks install offensive tooling on a machine — most commonly Kali attacker workstations or dedicated C2 servers. Drop one of these on an attacker box, point it at a target lab, and you’ve got a working red-team rig.
Available plugins
Section titled “Available plugins”| Plugin | What it does | Params | Uses |
|---|---|---|---|
| Create Cobalt Strike 4.12 Teamserver | Installs the Cobalt Strike 4.12 teamserver on a Linux host at the given static IP. | StaticIP | 88 |
| Install Mythic C2 and Agents | Installs the Mythic C2 framework with 7 agents (Apollo, Poseidon, Athena, Merlin, Medusa, Apfell, Nimplant) and 6 C2 profiles. Web UI on port 7443. | DesiredUsername | 47 |
| Install Sliver C2 (With Full Armory) | Installs Sliver C2 with pre-downloaded Armory extensions and Go/Zig toolchains for offline implant generation. Multi-OS targeting (Linux, Windows, macOS). | DesiredUsername | 47 |
| Install Tuoni C2 | Installs the Tuoni C2 framework (teamserver + web UI) on a Kali host for red-team command-and-control. | DesiredUsername | 27 |
| Install Havoc C2 | Installs the Havoc C2 framework (teamserver + client dependencies) on a Kali host for post-exploitation command-and-control. | DesiredUsername | 25 |
| Install Cobalt Strike Client | Copies the Cobalt Strike 4.12 client to a Linux operator desktop. | elastic_server_ip | 4 |
| Install EvilnoVNC | Installs the EvilnoVNC phishing platform — a noVNC-based tool that serves a real Chromium browser session to victims for 2FA bypass and live session theft. | — | 3 |
| ics-attack-replayer | Installs tcpreplay and pyModbus on a Linux host and runs a scheduled attack cycle against configured ICS devices to generate IOCs for NSM detection exercises. | ReplayInterface TargetDeviceList AttackIntervalMinutes SourceIPSpoof AttackJitterPercent PcapReplayList EnabledAttackModules ModbusWriteValueStrategy AttackWindowCron AttackStartDelayMinutes DryRunMode MaxWritesPerCycle | 2 |
| Install BloodHound CE | Deploys BloodHound Community Edition via Docker Compose for Active Directory attack-path analysis. Web UI on port 8080 with default admin/Password1!. | DesiredUsername | 1 |
| Install Chisel C2 Tunnel Server | Installs the Chisel TCP/UDP tunneling tool from source on a Kali attacker box with a full Go build environment for reverse SOCKS5 pivoting. | DesiredUsername | 1 |