#Redteaming
Showing 60 of 122 repositories tagged #redteaming, ranked by stars
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
The Rogue Access Point Framework
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
๐ Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
๐ Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Red Team Cheatsheet in constant expansion.
OffSec OSINT Pentest/RedTeam Tools
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
An offensive/defense security toolset for discovery, recon and ethical assessment of AI Agents
Leaked pentesting manuals given to Conti ransomware crooks
Deploy stealthy reverse shells using advanced process hollowing with GhostStrike โ a C++ tool for ethical hacking and Red Team operations.
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
crawls the website and finds broken social media links that can be hijacked
a tool to help operate in EDRs' blind spots
C2 infrastructure over Microsoft Teams.
EmailAll is a powerful Email Collect tool โ ไธๆฌพๅผบๅคง็้ฎ็ฎฑๆถ้ๅทฅๅ ท
This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3. May be updated periodically.
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
๐ฆซ | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purpoeses only.
Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.
Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
Collection of PowerShell functions a Red Teamer may use in an engagement
Collection of reverse shells for red team operations.
This repo contains my own Ducky/BadUSB scripts, related PowerShell scripts and other Flipper Zero related stuff.
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions
Evasion by machine code de-optimization.
Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Advanced Client-Side Prototype Pollution Scanner
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Weaponized HellsGate/SigFlip
A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
Deploy reverse shells and perform stealthy process injection with EchoStrike โ a Go-based tool for ethical hacking and Red Team operations.
one-stop resource for all things offensive security.
A turbo traffic generator pentesting tool to generate random traffic with random MAC and IP addresses in addition to random sequence numbers to a particular IP and port.
My public notes about offensive security
Build sneaky & malicious LNK files.
CVE 2021-21315 PoC
Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.
Stego is an open-source and free steganography tool that lets you hide your secret message in an image or audio file. You will not notice any change in the image or audio file. However, your secret message will be inside the original image or audio file
The Red-book: The Art of Offensive CyberSecurity
Cross-platform username reconnaissance tool built for OSINT investigators, cyber threat analysts, red teamers, and CTF enthusiasts.
Intelligent Malware that takes screenshots for entire monitors and exfiltrate them through Trusted Channel Slack to the C2 server that's using GPT-4 Vision to analyze them and construct daily activity โ frame by frame
Signing-key abuse and update exploitation framework
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments
phpMyAdmin XSS
Contained is all my reference material for my OSCP / Red Teaming. Designed to be a one stop shop for code, guides, command syntax, and high level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.
Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python.