This repository was archived by the owner on Mar 11, 2025. It is now read-only.
Home
"Hey, you got your notetaking app in my C2!"
"Hey, you got your C2 in my notetaking app!"
Want to document your red team operation, but think it's lame your notetaking application can't aid in your post-exploitation efforts? Now your notetaking app is your C2, with OffensiveNotion!
OffensiveNotion combines the capabilities of a post-exploitation agent with the power of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans, none will be the wiser.
With a little setup, you can...
- Receive an agent check in to your notion page:
[pic]
- Run shell commands:
[pic]
- Stack up a bunch of commands to do initial check-in safety checks...
[pic]
- ...and then execute them all:
[pic]
- Document your findings as you go on the same page:
[pic]
- Portscan another host or subnet:
[pic]
- Elevate to the administrator context:
[pic]
- Persist using one of many different methods:
[pic]
- And, perform remote shellcode injection:
[pic]