Maalik Network Pivoting and Post Exploitation Framework



Network Pivoting and Post Exploitation Framework.


Console Features

  • Desktop notification on new session.
  • Kill Online session easily.
  • Build Maalik Client, Fhdawn easily.
  • Configurable values in settings.ini
  • Root shell.
  • Multithreaded, Get multiple sessions.
  • Maalik is extremenly easy to use.

Fhdawn Features

Fhdawn is the maalik client.

StealthRuns in background, Only writes hidden plaintext file to disk.
Auto AdminAttempts to become Administrator by impersonating Windows Defender.
Execute / list / delete files and BrowseFull access to all files. Browse the system remotley.
Windows Defender ExclusionsAdd Windows Defender Exclusions.
Network PivotingForwards a Port to another Host on the network to forward exploit traffic onto it.
Enable / Disable FirewallEnable or Disable Windows Firewall, Use full for pivoting scenarios. Firewall is automatically turned off during Pivot attack.
Network ScannerDiscover Hosts in the subnet.
Port ScannerScans discovered hosts for common ports.
MS17-10 Network ScannerScans the network for Hosts vulnerable to MS17-10, The Eternal Blue.
Automatic Eternal BlueAutomatically runs metasploit using rc file to potentially exploit Port 445.
Reverse ShellStable Reverse Shell, Commands executed as cmd.exe /c <your input>.
File upload / downloadUpload or Download Files.
Reflective DLL InjectionReflective DLL Injection into any process.
ScreenshotTake screenshot (bmp=>png).
GeoLocationGeolocate Fhdawn.
SAM DumpDumps SAM and SYSTEM files to disk, Downloads and dumps them using samdump2.
Dynamic Payload System (DPS).

Executes ‘Payloads’ in Memory using Reflective DLL Injection. The Payload is a 32 bit Reflective DLL, That carries out tasks after successful Injection. DLL output is written to a TEXT file named output.png which is used to smuggle output back to server, And also give the DLL Payload commands.

(DPS) Reverse ShellNetcat Reverse shell.
(DPS) Administrator Prompt TriggerForcefully attempt to Execute an Application as Administrator.
(DPS) Chrome Password RecoveryDumps Saved Google Chrome passwords. (Does not work on latest version) :shipit:
(DPS) In Memory MeterpreterExecute Metasploit C Shellcode.
(DPS) Keystroke loggingLog keystrokes.
(DPS) Capture Mic InputRecord Mic.
(DPS) Registry PersistenceAdd any application to startup using registry keys.
CMD Post Exploitation Commands (CMD)

These are cmd commands that are useful in a post exploit situation. Not listed here.

  • List users.
  • View full System Information.
  • View all Drivers.
  • Get list of running processes.
  • Get Available Drive Letters.
  • Get all envoironment variables.
  • Displays information about sessions on a Remote Desktop Session Host server.
  • Acronym for ‘netsh wlan show profiles’.
  • Enable Remote Desktop.
  • Disable Remote Desktop.
  • Disable Firewall.
  • Enable firewall.
  • Forward a PORT on the Remote PC.
  • Reset all forwarded Ports.


Install :

Do not clone the repository.

cd maalik
sudo chmod +x
sudo ./

This Project is active in developement. There may be Errors and bugs that I may have missed. If you find any, Or you have an idea or suggestion. Please submit here.


  • Add Route pivoting.
  • Add Reflective Exploits.
  • Maalik V.3. ( ͡° ͜ʖ ͡°)


Hi my name’s Fahad. You may contact me, on Discord or My Website Contact discord for fastest response.



The Developer is not responsible for any misuse of Damage caused by the program. This is created only to innovate NetSec and YOU. point_left


Help me with my future projects. Thank you. Donate with Crypto


Please follow and like us: