
Awesome-Red-Team-Operation

PenTest and Red Team Tools by Joas and S3cur3Th1sSh1t

Powershell Scripts

  • https://github.com/S3cur3Th1sSh1t/WinPwn

  • https://github.com/dafthack/MailSniper

  • https://github.com/putterpanda/mimikittenz

  • https://github.com/dafthack/DomainPasswordSpray

  • https://github.com/mdavis332/DomainPasswordSpray

  • https://github.com/jnqpblc/SharpSpray

  • https://github.com/Arvanaghi/SessionGopher

  • https://github.com/samratashok/nishang

  • https://github.com/PowerShellMafia/PowerSploit

  • https://github.com/fdiskyou/PowerOPS

  • https://github.com/giMini/PowerMemory

  • https://github.com/Kevin-Robertson/Inveigh

  • https://github.com/MichaelGrafnetter/DSInternals

  • https://github.com/PowerShellEmpire/PowerTools

  • https://github.com/FuzzySecurity/PowerShell-Suite

  • https://github.com/hlldz/Invoke-Phant0m

  • https://github.com/leoloobeek/LAPSToolkit

  • https://github.com/n00py/LAPSDumper

  • https://github.com/sense-of-security/ADRecon

  • https://github.com/adrecon/ADRecon

  • https://github.com/S3cur3Th1sSh1t/Grouper

  • https://github.com/l0ss/Grouper2

  • https://github.com/NetSPI/PowerShell

  • https://github.com/NetSPI/PowerUpSQL

  • https://github.com/GhostPack

  • https://github.com/Kevin-Robertson/Powermad

AMSI Bypass

  • https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell

  • https://github.com/Flangvik/AMSI.fail

  • https://github.com/p3nt4/PowerShdll

  • https://github.com/jaredhaight/PSAttack

  • https://github.com/Cn33liz/p0wnedShell

  • https://github.com/cobbr/InsecurePowerShell

  • https://github.com/bitsadmin/nopowershell

  • https://github.com/Mr-Un1k0d3r/PowerLessShell

  • https://github.com/OmerYa/Invisi-Shell

  • https://github.com/Hackplayers/Salsa-tools

  • https://github.com/padovah4ck/PSByPassCLM

  • https://github.com/rasta-mouse/AmsiScanBufferBypass

  • https://github.com/itm4n/VBA-RunPE

  • https://github.com/cfalta/PowerShellArmoury

  • https://github.com/Mr-B0b/SpaceRunner

  • https://github.com/RythmStick/AMSITrigger

  • https://github.com/rmdavy/AMSI_Ordinal_Bypass

  • https://github.com/mgeeky/Stracciatella

  • https://github.com/med0x2e/NoAmci

  • https://github.com/rvrsh3ll/NoMSBuild

  • https://github.com/bohops/UltimateWDACBypassList

  • https://github.com/jxy-s/herpaderping

  • https://github.com/Cn33liz/MSBuildShell

Payload Hosting

  • https://github.com/kgretzky/pwndrop

  • https://github.com/sc0tfree/updog

Network Share Scanner

  • https://github.com/SnaffCon/Snaffler

  • https://github.com/djhohnstein/SharpShares

  • https://github.com/vivami/SauronEye

  • https://github.com/leftp/VmdkReader

Reverse Shellz

  • https://github.com/xct/xc

  • https://github.com/cytopia/pwncat

  • https://github.com/Kudaes/LOLBITS

Backdoor Finder

  • https://github.com/linuz/Sticky-Keys-Slayer

  • https://github.com/ztgrace/sticky_keys_hunter

  • https://github.com/countercept/doublepulsar-detection-script

Pivoting

  • https://github.com/0x36/VPNPivot

  • https://github.com/securesocketfunneling/ssf

  • https://github.com/p3nt4/Invoke-SocksProxy

  • https://github.com/sensepost/reGeorg

  • https://github.com/hayasec/reGeorg-Weblogic

  • https://github.com/nccgroup/ABPTTS

  • https://github.com/RedTeamOperations/PivotSuite

  • https://github.com/trustedsec/egressbuster

  • https://github.com/vincentcox/bypass-firewalls-by-DNS-history

  • https://github.com/shantanu561993/SharpChisel

  • https://github.com/jpillora/chisel

  • https://github.com/esrrhs/pingtunnel

  • https://github.com/sysdream/ligolo

  • https://github.com/nccgroup/SocksOverRDP

  • https://github.com/blackarrowsec/mssqlproxy

Persistence on Windows

  • https://github.com/fireeye/SharPersist

  • https://github.com/outflanknl/SharpHide

  • https://github.com/HarmJ0y/DAMP

Framework Discovery

  • https://github.com/Tuhinshubhra/CMSeeK

  • https://github.com/Dionach/CMSmap - WordPress, Joomla, Drupal scanner

  • https://github.com/wpscanteam/wpscan

  • https://github.com/Ekultek/WhatWaf

  • https://github.com/KingOfBugbounty/KingOfBugBountyTips

Framework Scanner / Exploitation

  • https://github.com/wpscanteam/wpscan - WordPress

  • https://github.com/n00py/WPForce

  • https://github.com/m4ll0k/WPSeku

  • https://github.com/swisskyrepo/Wordpresscan

  • https://github.com/rastating/wordpress-exploit-framework

  • https://github.com/coldfusion39/domi-owned - Lotus Domino

  • https://github.com/droope/droopescan - Drupal

  • https://github.com/whoot/Typo-Enumerator - Typo3

  • https://github.com/rezasp/joomscan - Joomla

File / Directory / Parameter discovery

  • https://github.com/OJ/gobuster

  • https://github.com/nccgroup/dirble

  • https://github.com/maK-/parameth

  • https://github.com/devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives

  • https://github.com/s0md3v/Arjun - 💗

  • https://github.com/Cillian-Collins/dirscraper - Directory lookup from JavaScript files

  • https://github.com/hannob/snallygaster

  • https://github.com/maurosoria/dirsearch

  • https://github.com/s0md3v/Breacher - Admin Panel Finder

  • https://github.com/mazen160/server-status_PWN

  • https://github.com/helviojunior/turbosearch

Rest API Audit

  • https://github.com/microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

  • https://github.com/flipkart-incubator/Astra

Windows Privilege Escalation / Audit

  • https://github.com/itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows

  • https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS - powerful privilege escalation check script with nice output

  • https://github.com/AlessandroZ/BeRoot

  • https://github.com/rasta-mouse/Sherlock

  • https://github.com/hfiref0x/UACME - UAC

  • https://github.com/rootm0s/WinPwnage - UAC

  • https://github.com/abatchy17/WindowsExploits

  • https://github.com/dafthack/HostRecon

  • https://github.com/sensepost/rattler - finds vulnerable DLLs for DLL preloading attacks

  • https://github.com/WindowsExploits/Exploits

  • https://github.com/Cybereason/siofra - DLL hijack scanner

  • https://github.com/0xbadjuju/Tokenvator - admin to SYSTEM

  • https://github.com/MojtabaTajik/Robber

  • https://github.com/411Hall/JAWS

  • https://github.com/GhostPack/SharpUp

  • https://github.com/GhostPack/Seatbelt

  • https://github.com/A-mIn3/WINspect

  • https://github.com/hausec/ADAPE-Script

  • https://github.com/SecWiki/windows-kernel-exploits

  • https://github.com/bitsadmin/wesng

  • https://github.com/rasta-mouse/Watson

LinkedIn

  • https://www.linkedin.com/in/joas-antonio-dos-santos

Windows Privilege Abuse (Privilege Escalation)

  • https://github.com/gtworek/Priv2Admin - Abuse Windows privileges

  • https://github.com/itm4n/UsoDllLoader - loads malicious DLLs from System32

  • https://github.com/TsukiCTF/Lovely-Potato - Exploit potatoes with automation

  • https://github.com/antonioCoco/RogueWinRM - from service account to SYSTEM

  • https://github.com/antonioCoco/RoguePotato - Another Windows local privilege escalation from service account to SYSTEM

  • https://github.com/itm4n/PrintSpoofer - Abusing impersonation privileges on Windows 10 and Server 2019

  • https://github.com/BeichenDream/BadPotato - itm4n's PrintSpoofer in C#

  • https://github.com/itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account

Exfiltration

  • https://github.com/gentilkiwi/mimikatz

  • https://github.com/GhostPack/SafetyKatz

  • https://github.com/Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.

  • https://github.com/GhostPack/Rubeus

  • https://github.com/Arvanaghi/SessionGopher

  • https://github.com/peewpw/Invoke-WCMDump

  • https://github.com/tiagorlampert/sAINT

  • https://github.com/AlessandroZ/LaZagneForensic - remote lazagne

  • https://github.com/eladshamir/Internal-Monologue

  • https://github.com/djhohnstein/SharpWeb - Browser credential gathering

  • https://github.com/moonD4rk/HackBrowserData - hack-browser-data is an open-source tool that decrypts browser data (passwords, bookmarks, cookies, history).

  • https://github.com/mwrlabs/SharpClipHistory - Uses the ClipHistory feature to get the last 25 copy-paste actions

  • https://github.com/outflanknl/Dumpert - Dumps LSASS using direct system calls and API unhooking

  • https://github.com/b4rtik/SharpMiniDump - Creates a minidump of the LSASS process from memory, using Dumpert

  • https://github.com/b4rtik/ATPMiniDump - Evade WinDefender ATP credential-theft detection

  • https://github.com/aas-n/spraykatz - Remote procdump.exe, copies the dump file to the local system and uses pypykatz for analysis/extraction

  • https://github.com/0x09AL/RdpThief - Extracts live RDP logins

  • https://github.com/chrismaddalena/SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.

  • https://github.com/djhohnstein/SharpChromium - .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.

  • https://github.com/jfmaes/SharpHandler - This project reuses open handles to lsass to parse or minidump lsass

  • https://github.com/V1V1/SharpScribbles - ThunderFox for Firefox credentials, StickyNotesExtract for "Notes as passwords"

  • https://github.com/securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon

  • https://github.com/G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py

  • https://github.com/EncodeGroup/Gopher - C# tool to discover low hanging fruits like SessionGopher

  • https://github.com/GhostPack/SharpDPAPI - DPAPI Creds via C#

LSASS Dump Without Mimikatz

  • https://github.com/Hackndo/lsassy

  • https://github.com/aas-n/spraykatz

  • https://github.com/b4rtik/SharpKatz - C# porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands

Credential Harvesting (Linux Specific)

  • https://github.com/huntergregal/mimipenguin

  • https://github.com/n1nj4sec/mimipy

  • https://github.com/dirtycow/dirtycow.github.io

  • https://github.com/mthbernardes/sshLooterC - SSH Credential loot

  • https://github.com/blendin/3snake - SSH / Sudo / SU Credential loot

  • https://github.com/0xmitsurugi/gimmecredz

  • https://github.com/TarlogicSecurity/tickey - Tool to extract Kerberos tickets from Linux kernel keys.

Data Exfiltration (DNS/ICMP/Wifi Exfiltration)

  • https://github.com/FortyNorthSecurity/Egress-Assess

  • https://github.com/p3nt4/Invoke-TmpDavFS

  • https://github.com/DhavalKapil/icmptunnel

  • https://github.com/iagox86/dnscat2

  • https://github.com/Arno0x/DNSExfiltrator

  • https://github.com/spieglt/FlyingCarpet - Wifi Exfiltration

  • https://github.com/SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP

  • https://github.com/sysdream/chashell

  • https://github.com/no0be/DNSlivery - Easy files and payloads delivery over DNS

Staging

  • Rapid Attack Infrastructure (RAI): Red Team infrastructure, quick, fast and simplified. One of the most tedious phases of a Red Team operation is usually the infrastructure setup. This usually entails a teamserver or controller, domains, redirectors, and a phishing server. https://github.com/obscuritylabs/RAI

  • Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. https://github.com/byt3bl33d3r/Red-Baron

  • EvilURL generates Unicode lookalike domains for IDN homograph attacks and detects them. https://github.com/UndeadSec/EvilURL

  • Domain Hunter checks expired domains, Bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names. https://github.com/threatexpress/domainhunter

  • PowerDNS is a simple proof of concept to demonstrate the execution of PowerShell scripts using DNS only. https://github.com/mdsecactivebreach/PowerDNS

  • Chameleon is a tool for evading proxy categorisation. https://github.com/mdsecactivebreach/Chameleon

  • CatMyFish searches for categorized domains that can be used during a red teaming engagement. Perfect for setting up a whitelisted domain for your Cobalt Strike Beacon C&C. https://github.com/Mr-Un1k0d3r/CatMyFish

  • Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. https://github.com/rsmudge/Malleable-C2-Profiles

  • Malleable-C2-Randomizer This script randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, hopefully reducing the chances of flagging signature-based detection controls. https://github.com/bluscreenofjeff/Malleable-C2-Randomizer

  • FindFrontableDomains searches for potential frontable domains. https://github.com/rvrsh3ll/FindFrontableDomains

  • Postfix-Server-Setup: Setting up a phishing server is a very long and tedious process. It can take hours to set up, and can be compromised in minutes. https://github.com/n0pe-sled/Postfix-Server-Setup

  • DomainFrontingLists is a list of domain-frontable domains by CDN. https://github.com/vysec/DomainFrontingLists

  • Apache2-Mod-Rewrite-Setup: Quickly implement mod_rewrite in your infrastructure. https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup

  • mod_rewrite rule to evade vendor sandboxes. https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10

  • external_c2 framework is a Python framework for use with Cobalt Strike's External C2. https://github.com/Und3rf10w/external_c2_framework

  • Malleable-C2-Profiles is a collection of profiles used in different projects using Cobalt Strike (https://www.cobaltstrike.com/). https://github.com/xx0hcd/Malleable-C2-Profiles

  • ExternalC2 is a library for integrating communication channels with the Cobalt Strike External C2 server. https://github.com/ryhanson/ExternalC2

  • cs2modrewrite is a tool to convert Cobalt Strike profiles to mod_rewrite scripts. https://github.com/threatexpress/cs2modrewrite

  • e2modrewrite is a tool to convert Empire profiles to Apache mod_rewrite scripts. https://github.com/infosecn1nja/e2modrewrite

  • redi is an automated script for setting up Cobalt Strike redirectors (nginx reverse proxy, Let's Encrypt). https://github.com/taherio/redi

  • cat-sites is a library of sites for categorization. https://github.com/audrummer15/cat-sites

  • ycsm is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2). https://github.com/infosecn1nja/ycsm

  • Domain fronting via Google App Engine. https://github.com/redteam-cyberark/Google-Domain-fronting

  • DomainFrontDiscover Scripts and results for finding domain frontable CloudFront domains. https://github.com/peewpw/DomainFrontDiscover

  • Automated Empire Infrastructure https://github.com/bneg/RedTeam-Automation

  • Serving Random Payloads with NGINX. https://gist.github.com/jivoi/a33ace2e25515a31aa2ffbae246d98c9

  • meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. https://github.com/arlolra/meek

  • CobaltStrike-ToolKit is a set of useful scripts for Cobalt Strike. https://github.com/killswitch-GUI/CobaltStrike-ToolKit

  • mkhtaccess_red auto-generates an .htaccess for payload delivery; it automatically pulls IPs/nets/etc. from known sandbox companies/sources that have been seen before, and redirects them to a benign payload. https://github.com/violentlydave/mkhtaccess_red

  • RedFile is a Flask WSGI application that serves files with intelligence, good for serving conditional Red Team payloads. https://github.com/outflanknl/RedFile

  • keyserver easily serves HTTP and DNS keys for proper payload protection. https://github.com/leoloobeek/keyserver

  • DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike (https://www.cobaltstrike.com). https://github.com/SpiderLabs/DoHC2

  • HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet. https://github.com/HiwinCN/HTran

Buffer Overflow and Exploit Development

  • https://github.com/CyberSecurityUP/Buffer-Overflow-Labs

  • https://github.com/gh0x0st/Buffer_Overflow

  • https://github.com/freddiebarrsmith/Buffer-Overflow-Exploit-Development-Practice

  • https://github.com/21y4d/Windows_BufferOverflowx32

  • https://github.com/johnjhacking/Buffer-Overflow-Guide

  • https://github.com/npapernot/buffer-overflow-attack

  • https://github.com/V1n1v131r4/OSCP-Buffer-Overflow

  • https://github.com/KINGSABRI/BufferOverflow-Kit

  • https://github.com/FabioBaroni/awesome-exploit-development

  • https://github.com/Gallopsled/pwntools

  • https://github.com/hardenedlinux/linux-exploit-development-tutorial

  • https://github.com/Billy-Ellis/Exploit-Challenges

  • https://github.com/wtsxDev/Exploit-Development

MindMaps by Joas

  • https://www.mindmeister.com/pt/1746180947/web-attacks-bug-bounty-and-appsec-by-joas-antonio

  • https://www.mindmeister.com/pt/1760781948/information-security-certifications-by-joas-antonio

  • https://www.mindmeister.com/pt/1781013629/the-best-labs-and-ctf-red-team-and-pentest


  • https://www.mindmeister.com/pt/1746187693/cyber-security-career-knowledge-by-joas-antonio

Lateral Movement

  • https://github.com/0xthirteen/SharpRDP

  • https://github.com/0xthirteen/MoveKit

  • https://github.com/0xthirteen/SharpMove

  • https://github.com/rvrsh3ll/SharpCOM

  • https://github.com/malcomvetter/CSExec

  • https://github.com/byt3bl33d3r/CrackMapExec

  • https://github.com/cube0x0/SharpMapExec

  • https://github.com/nccgroup/WMIcmd

  • https://github.com/rasta-mouse/MiscTools

  • https://github.com/byt3bl33d3r/DeathStar

  • https://github.com/SpiderLabs/portia

  • https://github.com/Screetsec/Vegile

  • https://github.com/DanMcInerney/icebreaker

  • https://github.com/MooseDojo/apt2

  • https://github.com/hdm/nextnet

  • https://github.com/mubix/IOXIDResolver

  • https://github.com/Hackplayers/evil-winrm

  • https://github.com/bohops/WSMan-WinRM

  • https://github.com/dirkjanm/krbrelayx

  • https://github.com/Mr-Un1k0d3r/SCShell

  • https://github.com/rvazarkar/GMSAPasswordReader

  • https://github.com/fdiskyou/hunter

  • https://github.com/360-Linton-Lab/WMIHACKER

  • https://github.com/leechristensen/SpoolSample

  • https://github.com/leftp/SpoolSamplerNET

  • https://github.com/lexfo/rpc2socks

  • https://github.com/checkymander/sshiva

  • https://github.com/dev-2null/ADCollector

POST Exploitation

  • https://github.com/mubix/post-exploitation

  • https://github.com/emilyanncr/Windows-Post-Exploitation

  • https://github.com/nettitude/Invoke-PowerThIEf

  • https://github.com/ThunderGunExpress/BADministration

  • https://github.com/bohops/SharpRDPHijack

  • https://github.com/antonioCoco/RunasCs

  • https://github.com/klsecservices/Invoke-Vnc

  • https://github.com/mandatoryprogrammer/CursedChrome

  • https://github.com/djhohnstein/WireTap

  • https://github.com/GhostPack/Lockless

  • https://github.com/infosecn1nja/SharpDoor

Phishing Tools

  • https://github.com/hlldz/pickl3

  • https://github.com/shantanu561993/SharpLoginPrompt

  • https://github.com/Dviros/CredsLeaker

  • https://github.com/bitsadmin/fakelogonscreen

  • https://github.com/CCob/PinSwipe

Wrapper for various tools

  • https://github.com/bohops/GhostBuild

  • https://github.com/S3cur3Th1sSh1t/PowerSharpPack

  • https://github.com/rvrsh3ll/Rubeus-Rundll32

  • https://github.com/checkymander/Zolom

Active Directory Audit and exploit tools

  • https://github.com/mwrlabs/SharpGPOAbuse

  • https://github.com/BloodHoundAD/BloodHound

  • https://github.com/BloodHoundAD/SharpHound3

  • https://github.com/chryzsh/awesome-bloodhound

  • https://github.com/hausec/Bloodhound-Custom-Queries

  • https://github.com/CompassSecurity/BloodHoundQueries

  • https://github.com/vletoux/pingcastle

  • https://github.com/cyberark/ACLight

  • https://github.com/canix1/ADACLScanner

  • https://github.com/fox-it/Invoke-ACLPwn

  • https://github.com/NinjaStyle82/rbcd_permissions

  • https://github.com/NotMedic/NetNTLMtoSilverTicket

  • https://github.com/dirkjanm/ldapdomaindump

Web Vulnerability Scanner / Burp Plugins

  • https://github.com/m4ll0k/WAScan - all in one scanner

  • https://github.com/s0md3v/XSStrike - XSS discovery

  • https://github.com/federicodotta/Java-Deserialization-Scanner

  • https://github.com/d3vilbug/HackBar

  • https://github.com/gyoisamurai/GyoiThon

  • https://github.com/snoopysecurity/awesome-burp-extensions

  • https://github.com/sting8k/BurpSuite_403Bypasser - Burp Suite extension to bypass 403-restricted directories

  • https://github.com/BishopFox/GadgetProbe

Web Exploitation Tools

  • https://github.com/OsandaMalith/LFiFreak - lfi

  • https://github.com/enjoiz/XXEinjector - xxe

  • https://github.com/tennc/webshell - shellz

  • https://github.com/flozz/p0wny-shell

  • https://github.com/epinna/tplmap - ssti

  • https://github.com/orf/xcat - xpath injection

  • https://github.com/almandin/fuxploider - File Uploads

  • https://github.com/nccgroup/freddy - deserialization

  • https://github.com/irsdl/IIS-ShortName-Scanner - IIS short filename vulnerability exploitation

  • https://github.com/frohoff/ysoserial - Deserialize Java Exploitation

  • https://github.com/pwntester/ysoserial.net - Deserialize .NET Exploitation

  • https://github.com/internetwache/GitTools - Exploit .git Folder Existence

  • https://github.com/cujanovic/SSRF-Testing - SSRF Tutorials

  • https://github.com/ambionics/phpggc - PHP Unserialize Payload generator

  • https://github.com/BuffaloWill/oxml_xxe - Malicious Office XXE payload generator

  • https://github.com/tijme/angularjs-csti-scanner - AngularJS CSTI scanner

  • https://github.com/0xacb/viewgen - Deserialize .NET Viewstates

  • https://github.com/Illuminopi/RCEvil.NET - Deserialize .NET Viewstates

Linux Privilege Escalation / Audit

  • https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS - powerful privilege escalation check script with nice output

  • https://github.com/mzet-/linux-exploit-suggester

  • https://github.com/rebootuser/LinEnum

  • https://github.com/diego-treitos/linux-smart-enumeration

  • https://github.com/CISOfy/lynis

  • https://github.com/AlessandroZ/BeRoot

  • https://github.com/future-architect/vuls

  • https://github.com/ngalongc/AutoLocalPrivilegeEscalation

  • https://github.com/b3rito/yodo

  • https://github.com/belane/linux-soft-exploit-suggester - lookup vulnerable installed software

  • https://github.com/sevagas/swap_digger

  • https://github.com/NullArray/RootHelper

  • https://github.com/NullArray/MIDA-Multitool

  • https://github.com/initstring/dirty_sock

  • https://github.com/jondonas/linux-exploit-suggester-2

  • https://github.com/sosdave/KeyTabExtract

  • https://github.com/DominicBreuker/pspy

  • https://github.com/itsKindred/modDetective

  • https://github.com/nongiach/sudo_inject

  • https://github.com/Anon-Exploiter/SUID3NUM - finds SUID binaries and looks them up on GTFOBins to tell whether they are exploitable

  • https://github.com/nccgroup/GTFOBLookup - Offline GTFOBins

  • https://github.com/TH3xACE/SUDO_KILLER - sudo misconfiguration exploitation

  • https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py

  • https://github.com/inquisb/unix-privesc-check

  • https://github.com/hc0d3r/tas - easily manipulate the tty and create fake binaries

  • https://github.com/SecWiki/linux-kernel-exploits

  • https://github.com/initstring/uptux

  • https://github.com/andrew-d/static-binaries - not really privesc, but helpful

Command and Control

  • Cobalt Strike is software for Adversary Simulations and Red Team Operations. https://cobaltstrike.com/

  • Empire is a post-exploitation framework that includes a pure PowerShell 2.0 Windows agent and a pure Python 2.6/2.7 Linux/OS X agent. https://github.com/EmpireProject/Empire

  • Metasploit Framework is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. https://github.com/rapid7/metasploit-framework

  • SILENTTRINITY is a post-exploitation agent powered by Python, IronPython and C#/.NET. https://github.com/byt3bl33d3r/SILENTTRINITY

  • Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python. https://github.com/n1nj4sec/pupy

  • Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and PowerShell Empire. https://github.com/zerosum0x0/koadic

  • PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. https://github.com/nettitude/PoshC2_Python

  • Gcat is a stealthy Python-based backdoor that uses Gmail as a command and control server. https://github.com/byt3bl33d3r/gcat

  • TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution. https://github.com/trustedsec/trevorc2

  • Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. https://github.com/Ne0nd0g/merlin

  • Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. https://github.com/quasar/QuasarRAT

  • Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. https://github.com/cobbr/Covenant

  • FactionC2 is a C2 framework which uses a websockets-based API that allows for interacting with agents and transports. https://github.com/FactionC2/

  • DNScat2 is a tool designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. https://github.com/iagox86/dnscat2

  • Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. https://github.com/BishopFox/sliver

  • EvilOSX is a RAT (Remote Administration Tool) for macOS / OS X. https://github.com/Marten4n6/EvilOSX

  • EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. https://github.com/neoneggplant/EggShell

Adversary Emulation

  • MITRE CALDERA - An automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. https://github.com/mitre/caldera

  • APTSimulator - A Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. https://github.com/NextronSystems/APTSimulator

  • Atomic Red Team - Small and highly portable detection tests mapped to the Mitre ATT&CK Framework. https://github.com/redcanaryco/atomic-red-team

  • Network Flight Simulator - flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. https://github.com/alphasoc/flightsim

  • Metta - A security preparedness tool to do adversarial simulation. https://github.com/uber-common/metta

  • Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. https://github.com/endgameinc/RTA

Repositories

  • https://github.com/infosecn1nja/Red-Teaming-Toolkit

  • https://github.com/S3cur3Th1sSh1t/Pentest-Tools

  • https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

  • https://github.com/enaqx/awesome-pentest

  • https://github.com/Muhammd/Awesome-Pentest

  • https://github.com/CyberSecurityUP/Awesome-PenTest-Practice

  • https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

  • https://github.com/0x4D31/awesome-oscp

  • https://github.com/six2dez/OSCP-Human-Guide

  • https://github.com/RustyShackleford221/OSCP-Prep

  • https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md

Malware Analysis and Reverse Engineering

  • https://github.com/rshipp/awesome-malware-analysis

  • https://github.com/topics/malware-analysis

  • https://github.com/Apress/malware-analysis-detection-engineering

  • https://github.com/SpiderLabs/malware-analysis

  • https://github.com/ytisf/theZoo

  • https://github.com/arxlan786/Malware-Analysis

  • https://github.com/nheijmans/malzoo

  • https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

  • https://github.com/secrary/SSMA

  • https://github.com/merces/aleph

  • https://github.com/mentebinaria/retoolkit

  • https://github.com/mytechnotalent/Reverse-Engineering

  • https://github.com/wtsxDev/reverse-engineering


  • https://github.com/topics/reverse-engineering

  • https://github.com/0xZ0F/Z0FCourse_ReverseEngineering

  • https://github.com/NationalSecurityAgency/ghidra

  • https://github.com/hax0rtahm1d/Reverse-Engineering

  • https://github.com/tylerha97/awesome-reversing