Post Exploitation Toolkit
In everything we do, we believe in challenging the status quo to make the world a safer place.
Cross Platform (macOS, Linux, & Windows).
Target Side Code is C++ POSIX.
Server Side Code is a modern multi-user web interface ( no Java thick client to bog down your system ).
Target Side Code can be staged via a scripting languages (e.g. python) for ease with operations ( or directly executed via binaries ).
Coded by a professional (e.g. previously NSA) with over a decade of experience with creating and analyzing offensive toolkits.
What is Voodoo?
Voodoo is a Cross Platform (Linux, macOS, & Windows) Post Exploitation Toolkit (software) for Red Team operations. Red Team operations leverage the tools, techniques, and procedures of modern adversaries. In contrast most penetration tests focus on discovering the most findings (e.g. misconfigurations, unpatched vulnerabilities, etc...), whereas most Red Team operations focus on testing an organization's security operations and incident response capabilities.
What Target Operating Systems are Supported?
Linux - Tested Under CentOS 7 & 6, Ubuntu 16.04 LTS, Debian, Red Hat, etc...
macOS - Tested Under 10.14: Mojave (Liberty), 10.13: High Sierra (Lobo), 10.12: Sierra (Fuji), etc...
Windows - Tested Under Windows 10, 8, 7, etc...
What are Voodoo's primary features?
Voodoo is Cross Platform (Linux, macOS, & Windows), with every supported target being able to communicate laterally with each other. Hence you can go deep into target networks, seamlessly operating on Linux, macOS, and Windows targets, without any hassles.
Where do I learn how to use Voodoo?
Our "AWS & Azure Exploitation: Making the Cloud Rain Shells!" training course provides in-depth coverage of the toolkit.
We will also be releasing videos, blog posts, and tutorials on Voodoo throughout the coming year, so stay tuned!
How much does Voodoo cost?
Voodoo comes in a few different versions:
How do I use the Community Edition?
- Ensure all firewalls and/or security groups are allowing inbound TCP port 443
- Find your current servers IP address:
$ curl ipcurl.net/n
- Start up the Voodoo CE Listening Post (LP):
$ sudo docker run -ti -p 443:443 cnoio/voodoo_ce
Enter first username: admin
Enter password: apassword
Reenter password: apassword
- Browse to
- Accept Certs
- Login w/ creds previously set
- Enable MFA w./ the Google Authenticator App on your Mobile phone
- And you should now be good to go!
Alternatively, here is the code to setup Voodoo by hand: By Hand Voodoo Community Edition Setup
We have a generous, 21-day, any-reason return policy.
Who develops Voodoo?
Waylon Grange (@professor__plum) is the creator of Voodoo.
Request a Demo of Voodoo Pro for a Quote with Pricing