LogoAISecKit
  • Search
  • Collection
  • Category
  • Tag
  • Blog
  • Pricing
  • Submit
LogoAISecKit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

LogoAISecKit

Curated directory of 1700+ AI tools, models, frameworks, MCP servers, and cybersecurity resources

GitHub
Product
  • Search
  • Collection
  • Category
  • Tag
Resources
  • Blog
  • Pricing
  • Submit
Company
  • About Us
  • Privacy Policy
  • Terms of Service
  • Sitemap
Copyright © 2026 All Rights Reserved.
Sponsored Resources
  1. Home
  3. Category
  7. peeko
icon of peeko

peeko

peeko is a browser-based XSS C2 tool for stealthy internal network exploration via infected browsers.

Visit Website
image for peeko
Visit Website

Introduction

Introduction to peeko

peeko is a browser-based XSS-powered Command and Control (C2) tool designed for stealthy internal network exploration. By leveraging the victim's browser, peeko allows attackers to remotely control the browser to send requests to internal services, scan networks, exfiltrate data, and execute arbitrary JavaScript without dropping any binaries.

Key Features:
  • WebSocket Communication: Establishes a connection between the victim's browser and the attacker's server.
  • Control Panel: A simple UI to manage connected victims and execute commands.
  • Network Scanning: Scan internal networks and specific ports.
  • File Delivery: Send files to the victim's browser for automatic download.
  • Info Gathering: Collect user agent, platform, cookies, and more.
  • Custom JS Execution: Run arbitrary JavaScript on the victim's browser.
  • Logging: Comprehensive logging of requests, responses, and actions.
Benefits:
  • Stealthy Operations: Operates without dropping files or making outbound connections, making it harder to detect.
  • Educational Use: Designed for authorized testing and educational purposes, ensuring ethical use.
Highlights:
  • Supports HTTPS with self-signed certificates.
  • Lightweight setup with minimal dependencies.
  • Written in Python, making it accessible for developers familiar with the language.
Back

Information

  • Publisher
    AISecKit
  • Websitegithub.com
  • Published date2025/04/28

Categories

  • Incident Response Tools
  • Penetration Testing
  • Web Security

Tags

  • Exploit Development
  • Security Auditing
  • Open Source
  • Incident Response
  • Red Team Testing

More Products

image of Phantom
DevSecOps ToolsPenetration TestingVulnerability Scanners
Visit Website
icon of Phantom

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

Security AuditingOpen SourceIncident ResponseVulnerability ScanningAPI Security+1
E
Penetration TestingSecurity Training PlatformsAI Security Monitoring
Visit Website
icon of Exploiting AI

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt InjectionGenerative AIRed Team TestingData Poisoning
F
Input Validation & FilteringPenetration TestingAI Security Monitoring
Visit Website
icon of Folly

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt InjectionOpen SourceAPI SecuritySecurity TestingLLM Security+1