Search the Community

Collection of 100+ tools and resources that can be useful for red teaming activities. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context. Warning The materials in this repository are for informational and educational purposes only. They are not intended for use in any illegal activities. Tool List Red Team Tips Hiding the local admin account @Alh4zr3d Cripple windows defender by deleting signatures @Alh4zr3d Enable multiple RDP sessions per user @Alh4zr3d Sysinternals PsExec.exe local alternative @GuhnooPlusLinux Live off the land port scanner @Alh4zr3d Proxy aware PowerShell DownloadString @Alh4zr3d Looking for internal endpoints in browser bookmarks @Alh4zr3d Query DNS records for enumeration @Alh4zr3d Unquoted service paths without PowerUp @Alh4zr3d Bypass a disabled command prompt with /k Martin Sohn Christensen Stop windows defender deleting mimikatz.exe @GuhnooPlusLinux Check if you are in a virtual machine @dmcxblue Reconnaissance crt.sh -> httprobe -> EyeWitness Automated domain screenshotting jsendpoints Extract page DOM links nuclei Vulnerability scanner certSniff Certificate transparency log keyword sniffer gobuster Website path brute force dnsrecon Enumerate DNS records Shodan.io Public facing system knowledge base AORT (All in One Recon Tool) Subdomain enumeration spoofcheck SPF/DMARC record checker AWSBucketDump S3 bucket enumeration GitHarvester GitHub credential searcher truffleHog GitHub credential scanner Dismap Asset discovery/identification enum4linux Windows/samba enumeration skanuvaty Dangerously fast dns/network/port scanner Metabigor OSINT tool without API Gitrob GitHub sensitive information scanner gowitness Web screenshot utility using Chrome Headless Resource Development Chimera PowerShell obfuscation msfvenom Payload creation WSH Wsh payload HTA Hta payload VBA Vba payload Initial Access Bash Bunny USB attack tool EvilGoPhish Phishing campaign framework The Social-Engineer Toolkit Phishing campaign framework Hydra Brute force tool SquarePhish OAuth/QR code phishing framework King Phisher Phishing campaign framework Execution Responder LLMNR, NBT-NS and MDNS poisoner secretsdump Remote hash dumper evil-winrm WinRM shell Donut In-memory .NET execution Macro_pack Macro obfuscation PowerSploit PowerShell script suite Rubeus Active directory hack tool SharpUp Windows vulnerability identifier SQLRecon Offensive MS-SQL toolkit Persistence Impacket Python script suite Empire Post-exploitation framework SharPersist Windows persistence toolkit Privilege Escalation LinPEAS Linux privilege escalation WinPEAS Windows privilege escalation linux-smart-enumeration Linux privilege escalation Certify Active directory privilege escalation Get-GPPPassword Windows password extraction Sherlock PowerShell privilege escalation tool Watson Windows privilege escalation tool ImpulsiveDLLHijack DLL Hijack tool ADFSDump AD FS dump tool Defense Evasion Invoke-Obfuscation Script obfuscator Veil Metasploit payload obfuscator SharpBlock EDR bypass via entry point execution prevention Alcatraz GUI x64 binary obfuscator Credential Access Mimikatz Windows credential extractor LaZagne Local password extractor hashcat Password hash cracking John the Ripper Password hash cracking SCOMDecrypt SCOM Credential Decryption Tool nanodump LSASS process minidump creation eviltree Tree remake for credential discovery SeeYouCM-Thief Cisco phone systems configuration file parsing Discovery PCredz Credential discovery PCAP/live interface PingCastle Active directory assessor Seatbelt Local vulnerability scanner ADRecon Active directory recon adidnsdump Active Directory Integrated DNS dumping Lateral Movement crackmapexec Windows/Active directory lateral movement toolkit WMIOps WMI remote commands PowerLessShell Remote PowerShell without PowerShell PsExec Light-weight telnet-replacement LiquidSnake Fileless lateral movement Enabling RDP Windows RDP enable command Upgrading shell to meterpreter Reverse shell improvement Forwarding Ports Local port forward command Jenkins reverse shell Jenkins shell command ADFSpoof Forge AD FS security tokens kerbrute A tool to perform Kerberos pre-auth bruteforcing Collection BloodHound Active directory visualisation Snaffler Active directory credential collector Command and Control Havoc Command and control framework Covenant Command and control framework (.NET) Merlin Command and control framework (Golang) Metasploit Framework Command and control framework (Ruby) Pupy Command and control framework (Python) Brute Ratel Command and control framework ($$$) Exfiltration Dnscat2 C2 via DNS tunneling Cloakify Data transformation for exfiltration PyExfil Data exfiltration PoC Powershell RAT Python based backdoor GD-Thief Google drive exfiltration Impact Conti Pentester Guide Leak Conti ransomware group affilate toolkit SlowLoris Simple denial of service [hide][Hidden Content]]

RedTeam Toolkit Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities. The cybersecurity open-source projects are integrated with what will be a powerful toolkit together. Currently, it supports the following options: FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output) Livehosts (scan all live hosts in the network scale – PDF output) DirScan (scan all directories on a target – PDF output) CVE Description ( CveID Search) SSH Dictionary Attack RDP BruteForce WebApps Section F5 BIG-IP PoC ( CVE-2022-1388 ) Apache Path Traversal PoC ( CVE-2021-41773 ) Automated XSS Finder Web Crawler for gathering URLs SubDomain Enumeration HTTP Verb Tampering (SQLi will be added soon) Windows Section (Being updated, other major CVEs will be added) Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 ) Linux Section to implement major Linux CVEs (UNDER MAINTENANCE) Changelog v0.1.5 The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules: CVE-2022-1388 PoC (for F5 BIG-IP Automated XSS Finder to server a website and find XSS on that A new module for content discovery (Gathering all URLs) [hide][Hidden Content]]