Awesome Open Source
Awesome Open Source
Application Programming Interfaces
Command Line Interface
Integrated Development Environments
Lists Of Projects
User Interface Components
Web User Interface
The Top 99 Redteam Open Source Projects
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Become A Software Engineer At Top Companies
Identify your strengths with a free online coding quiz, and skip resume and recruiter screens at multiple companies at once. It's free, confidential, includes a free flight and hotel, along with help to study to pass interviews and negotiate a high salary!
🔎 Hunt down social media accounts by username across social networks
The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
E-mails, subdomains and names Harvester - OSINT
Curated list of Unix binaries that can be exploited to bypass system security restrictions
Awesome Red Teaming
List of Awesome Red Teaming Resources
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Collection of quality safety articles
Redteam Tactics And Techniques
Red Teaming Tactics and Techniques
The goal of this repository is to document the most common techniques to bypass AppLocker.
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
Venom - A Multi-hop Proxy for Penetration Testers
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Automation for internal Windows Penetrationtest / AD-Security
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Rootkits List Download
This is the list of all rootkits found so far on github and other sites.
Utilities for MITRE™ ATT&CK
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
mXtract - Memory Extractor & Analyzer
Scan your code for security misconfiguration, search for passwords and secrets. 🔍
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Writing custom backdoor payloads with C# - Defcon 27 Workshop
fireELF - Fileless Linux Malware Framework
Hershell is a simple TCP reverse shell written in Go.
Load shellcode into a new process
Open source pre-operation C2 server based on python and powershell
a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Open-Source PE Packer
🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)
👻Impost3r -- A linux password thief
Command references and resources for different topics
Network Pivoting Toolkit
Cobaltstrike Ms17 010
cobaltstrike ms17-010 module and some other
This repository contains full code examples from the book Gray Hat C#
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of TIPS reach 1000 TIPS .Learn Ethical Hacking and penetration testing.and of course OSINT
Reverse Shell Cheatsheet
🙃 Reverse Shell Cheat Sheet 🙃
Collection of PoC and offensive techniques used by the BlackArrow Red Team
Tool to enumerate information from NTLM authentication enabled web endpoints 🔎
Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.
I See You
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
generate CobaltStrike's cross-platform payload
A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy
Test Blue Team detections without running any attack.
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Awesome cloud enumerator
Overlord - Red Teaming Infrastructure Automation
DNS-Persist is a post-exploitation agent which uses DNS for command and control.
FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Remote Desktop Caching
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Redteam Hardware Toolkit
🔺 Red Team Hardware Toolkit 🔺
Taie Redteam Os
Monitoring your Slack workspaces for sensitive information
Passwords Recovery Tool
Linux C2 框架demo，为期2周的”黑客编程马拉松“，从学习编程语言开始到实现一个demo的产物
A list of payload and bypass lists for penetration testing and red team infrastructure build.
The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
Red Team Infrastructure Automation
Disposable and resilient red team infrastructure with Terraform
Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
A collection of scripts I've written to help red and blue teams with malware persistence techniques.
A PowerShell module to deploy active directory decoy objects.
Information Security Tasks
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
New UAC bypass for Silent Cleanup for CobaltStrike
Extensible Red Team Framework
DeepSea Phishing Gear
Project to enumerate proxy configurations and generate shellcode from CobaltStrike
mosquito - Automating reconnaissance and brute force attacks
The Collective. A repo for a collection of red-team projects found mostly on Github.
🚀 Fast Port Scanner 🚀
A set of recipes useful in fast-paced pentesting / red teaming scenarios
Script collection to bypass Network Access Control (NAC, 802.1x)
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
A collection of electronic hacker magazines carefully curated over the years from multiple sources
Red Team Curation List
A list to discover work of red team tooling and methodology for penetration testing and security assessment
Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.
Reproducible and extensible BloodHound playbooks
1-99 of 99 projects