#Redteam-tools
Showing 60 of 89 repositories tagged #redteam-tools, ranked by stars
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Cyber Security ALL-IN-ONE Platform
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
一款适用于红蓝对抗中的仿真钓鱼系统
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
OffSec OSINT Pentest/RedTeam Tools
An IIS short filename enumeration tool
Dangerously fast DNS/network/port scanner
An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.
a tool to help operate in EDRs' blind spots
A tool that shows detailed information about named pipes in Windows
ffffffff0x team toolset for penetration testing, cryptography research, CTF and daily use. | ffffffff0x 团队工具集,用来进行渗透测试,密码学研究,CTF和日常使用。
一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集,降低红队技术门槛的手册【持续更新】
Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.
Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
针对于红队攻击思维做出的red team模式(破限项目,封号概不负责)##可自行适配其他AI
C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
Discover new target domains using Content Security Policy
Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.
RPC Monitor tool based on Event Tracing for Windows
市场上虽然存在大量的网络安全工具和软件,但它们大多针对某一特定领域或功能,缺乏一个统一的、集成的、易于使用的综合工具平台。这导致参赛者在CTF竞赛中需要频繁切换不同的工具,不仅降低了工作效率,还增加了操作失误的风险。由gitee转发 ↓
AiScan-N 来了!这是一款基于人工智能驱动的Ai自动化网络安全(运维)工具,专注于网络安全评估、漏洞扫描、运维、应急响应、渗透测试自动化,Ai大模型工具集【CLI Agent】 ,Ai驱动的安全检测技术,提升安全测试(运维)效率,专为企业和个人用户打造,尤其适合初学者(小白)快速上手使用,让你轻松迈入智能安全攻防时代!适用场景 :如(红队演练、CTF比赛、Web应用渗透测试、内网横向移动、密码破解与暴力攻击、流量分析与威胁检测、APT攻击模拟、漏洞赏金挑战等场景)🎥演示视频(文章中):https://mp.weixin.qq.com/s/7lsUdbrxkDy4P5pZhEWv7Q
Perfect DLL Proxying using forwards with absolute paths.
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
Advanced Client-Side Prototype Pollution Scanner
Collection of offensive tools targeting Microsoft Azure
A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operations.
Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.
A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
A turbo traffic generator pentesting tool to generate random traffic with random MAC and IP addresses in addition to random sequence numbers to a particular IP and port.
Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.
The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring from scraped employee name lists (e.g. from Linkedin). 2. to transliterate a wordlist that may include words/phrases written in multiple (non-Englis
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
Intelligent Malware that takes screenshots for entire monitors and exfiltrate them through Trusted Channel Slack to the C2 server that's using GPT-4 Vision to analyze them and construct daily activity — frame by frame
AutoRedTools是一款轻量级一站式自动下载/自动更新常用开源软件的工具,主要帮助安全从业者/安全开发人员快速进行环境搭建以及常用软件的更新,节约软件的更新或者安 装的时间,从而提升生产效率或工作效率。
Collection of script templates to create infinite UAC prompts forcing a user to run as admin ⚠
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files
Your Skyfall Infrastructure Pack
Linux post exploitation tool for info gathering and exfiltration 🐧📡💀
Custom Google search engine dedicated to IT security & hacking stuff. Over 240 high-quality sources.
All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.
Certified Red Team Professional (CRTP) - Notes
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
A Red Team tool for exfiltrating sensitive data from Jira tickets.
A tool to create a SOCKS proxy server out of UPnProxy vulnerable device(s).
mapAccountHijack is a tool designed to carry out a MAP Account hijack attack, which exploits the Message Access Profile (MAP) in Bluetooth Classic, enables the theft of MFA and OTPs leading to the successful hijacking of accounts on services that rely on SMS OTPs during login or recovery. Tool leaks phone numbers, emails, can send and retrieve SMS
Wiki漏洞库管理系统&网络安全知识库-渗透测试常见漏洞知识库文档-该网站收集了Web应用层漏洞、中间件安全缺陷、系统配置不当、移动端(Android)安全问题、权限提升、RCE、网络设备及IOT安全。
Web Hacking and Red Teaming MindMap
A Bumblebee-inspired Crypter
Research framework that quantifies how steganographic obfuscation of embeddings defeats off-the-shelf statistical detection in RAG pipelines, paired with the VectorPin cryptographic-provenance defense
Exploits Scripts and other tools that are useful during Penetration-Testing or Red Team engagement