A professional Red Team / Pentest tool for assessing the external perimeter of a company in a complete "black box" mode (zero knowledge, without accounts, without IP sheets).
Channel cfs (av/edr/xdr bypass) Info | follow us on Twitter | Discord SERVER xCommunity CFS the CFS - CRYPT FILE SERVICE | Telegram Contact Email Contact
Simulates the actions of real APT groups: finds leaks of VPN links, determines the type of service, checks your corporate login:password bundles and conducts high-speed brute force.
- OpenVPN (.ovpn config brute + valid verification)
- Cisco AnyConnect / ASA
- Palo Alto GlobalProtect
- Pulse Secure / Ivanti Connect Secure
- FortiClient SSL-VPN / FortiGate
- F5 Big-IP APM Border Gateway
- SonicWall SMA / NetExtender
- Check Point Capsule VPN
- Juniper Secure Access / Pulse Connect
- Citrix Gateway / NetScaler
- Microsoft Remote Desktop Web Access + Gateway + RDP
- Microsoft OWA / Exchange
- Zyxel SecuExtender
- Sangfor SSL VPN
- Array Networks
- Barracuda VPN
WordPress, Joomla, OpenCart, Magento, PrestaShop, Drupal, Bitrix, Laravel, phpMyAdmin, cPanel/WHM, Plesk, DirectAdmin, Webmin, ISPmanager, VestaCP, e.t.c
- Mass link scanner (Shodan/Censys/ZoomEye/FoFa integration + your crawler)
- Automatic VPN type detection based on HTTP headers, certificates, and HTML forms
- High-speed brute force and checker (10,000+ threads)
- Full proxy chain + Tor support
- Smart rotation of User-Agent, Referer, and headers
- CAPTCHA bypass modules (for RDWeb, OWA, Citrix)
- Sessions are not killed — emulation of a real client
- Saving valid accesses instantly
- Server mode (headless) under Linux for 24/7 operation on VPS
- GUI only under Windows 10/11
- Export: TXT, CSV, JSON, SQLite, Elasticsearch
- Logging of all requests + PCAP if necessary
- C# .NET 8 — GUI + Windows-core
- C++23 — High-performance network modules
- Golang 1.23 — cross-platform CLI/server
- Python 3.12 — scanners, parsers, integrations
- JavaScript/Node.js — web crawler part
- PHP — separate form emulation modules
All tools and resources are provided for ethical and legal use only, such as authorized penetration testing and security research. Illegal activities, or any consequences arising from improper application of these tools. Users are solely accountable for ensuring compliance with all applicable laws and regulations.
Contributions are welcome! If you have ideas for improving configurations or adding new templates, please submit a pull request. Ensure all contributions align with the educational and ethical goals of this project.
To the maximum extent permitted by applicable law, we will not be liable for any indirect, incidental, special, consequential, or punitive damages or any loss of profits or income incurred directly or indirectly, or any loss of data, usage, business reputation, or other non-material damages resulting from (i) your access to this resource and/or inability to access this resource; (ii) any behavior or content of any third party referenced by this resource, including without limitation any defamatory, offensive or illegal behavior of other users or third parties; (iii) any content obtained from this resource.