#Redteam
Showing 60 of 374 repositories tagged #redteam, ranked by stars
Hunt down social media accounts by username across social networks
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
E-mails, subdomains and names Harvester - OSINT
Web path scanner
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Tools and Techniques for Red Team / Penetration Testing
Cyber Security ALL-IN-ONE Platform
The all-in-one browser extension for offensive security professionals 🛠
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Adversary simulation and Red teaming platform with AI
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
List of Awesome CobaltStrike Resources
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Automation for internal Windows Penetrationtest / AD-Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
🔍 Search anyone's digital footprint across 300+ websites
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
👻Stowaway -- Multi-hop Proxy Tool for pentesters
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
Projects for security students
Free copy of The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.
generate CobaltStrike's cross-platform payload
红队作战中比较常遇到的一些重点系统漏洞整理。
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Active Directory and Internal Pentest Cheatsheets
Venom - A Multi-hop Proxy for Penetration Testers
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Collection of quality safety articles. Awesome articles.
面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
CyberSecurityRSS: A collection of cybersecurity rss to make you better!
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Repository for advanced Red Team techniques focused on Rust
A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
DetectDee: Hunt down social media accounts by username, email or phone across social networks.
Awesome Security lists for SOC/CERT/CTI
开源、轻量、快速、跨平台 的网站漏洞扫描工具,帮助您快速检测网站安全隐患。功能 端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
Everything for pentest. | 渗透测试知识库,以 AI Agent 可执行的格式沉淀安全方法论。
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
一款适用于红蓝对抗中的仿真钓鱼系统
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
记录自己编写、修改的部分工具
Username tools for penetration testing
Bloodhound Reporting for Blue and Purple Teams
A detailed plan to achieve proficiency in hacking and penetration testing, with pathways including obtaining a degree in cybersecurity or earning relevant certifications.
Red Team Cheatsheet in constant expansion.
OffSec OSINT Pentest/RedTeam Tools