Awesome Open Source
Search results for penetration testing red team
penetration-testing
red-team
36 search results found
Payloadsallthethings
⭐
57,656
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Sherlock
⭐
53,337
Hunt down social media accounts by username across social networks
Dirsearch
⭐
11,709
Web path scanner
Red Teaming Toolkit
⭐
8,230
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Nishang
⭐
7,771
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Cve
⭐
5,806
Gather and update all available and newest CVEs with their PoC.
Yakit
⭐
5,790
Cyber Security ALL-IN-ONE Platform
Infosec_reference
⭐
5,348
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
1earn
⭐
5,171
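A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and write-ups for various vulnerable target machines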
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Redteaming Tactics And Techniques
⭐
3,965
Red Teaming Tactics and Techniques
Red Team Infrastructure Wiki
⭐
3,934
Wiki to collect Red Team infrastructure hardening resources
Kubernetes Goat
⭐
3,694
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Villain
⭐
3,376
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Kscan
⭐
3,061
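Kscan is an all-round scanner developed purely in Go, with port scanning, protocol detection, fingerprint identification, brute-force cracking and other functions. Supported protocols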
Black Hat Rust
⭐
2,662
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Snoop
⭐
2,530
Snoop: a reconnaissance tool based on open data (OSINT world)
Penetration Testing Tools
⭐
2,393
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
Stowaway
⭐
2,195
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Venom
⭐
1,995
Venom - A Multi-hop Proxy for Penetration Testers
Ligolo Ng
⭐
1,950
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Ezxss
⭐
1,715
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Diamorphine
⭐
1,639
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Netexec
⭐
1,596
The Network Execution Tool
Cloakify
⭐
1,515
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Collection Document
⭐
1,416
Collection of quality safety articles. Awesome articles.
Sprayingtoolkit
⭐
1,360
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
A Red Teamer Diaries
⭐
1,294
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Lockdoor Framework
⭐
1,254
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Sessiongopher
⭐
1,181
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Perun
⭐
1,037
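Perun is mainly intended for vendor-side security service staff, penetration testers and client-side RedTeam personnel: a network asset vulnerability scanner/scan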
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Awesome Redteam Cheatsheet
⭐
1,017
Red Team Cheatsheet in constant expansion.
Ssh Snake
⭐
874
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Rusthound
⭐
812
Active Directory data collector for BloodHound written in Rust. 🦀
Aboutsecurity
⭐
762
Everything for pentest. | Payload and bypass dictionaries for penetration testing.
Vcenterkit
⭐
754
Vcenter Comprehensive Penetration and Exploitation Toolkit
Cloudbrute
⭐
750
Awesome cloud enumerator
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Octopus
⭐
722
Open source pre-operation C2 server based on python and powershell
Awesome List Of Secrets In Environment Variables
⭐
722
🦄🔒 Awesome list of secrets in environment variables 🖥️
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Blackmamba
⭐
688
C2/post-exploitation framework
Fireelf
⭐
637
fireELF - Fileless Linux Malware Framework
Packetwhisper
⭐
621
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Cve 2021 44228 Poc Log4j Bypass Words
⭐
611
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Chashell
⭐
599
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Aiodnsbrute
⭐
579
Python 3.5+ DNS asynchronous brute force utility
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Resolvers
⭐
536
The most exhaustive list of reliable DNS resolvers.
Bigbountyrecon
⭐
471
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Whonow
⭐
462
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Slackor
⭐
459
A Golang implant that uses Slack as a command and control server
Pentest101
⭐
456
Some tips about penetration testing
Cobaltstrike Ms17 010
⭐
418
cobaltstrike ms17-010 module and some other
Gtfonow
⭐
414
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Dome
⭐
412
Dome - Subdomain Enumeration Tool. Fast and reliable Python script that performs active and/or passive scans to obtain subdomains and search for open ports.
Spoofy
⭐
394
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Supernova
⭐
389
Real fucking shellcode encryption tool
Ttps
⭐
388
Tactics, Techniques, and Procedures
Physmem2profit
⭐
383
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely
Bounceback
⭐
382
↕️🤫 Stealth redirector for your red team operation security
Offensive Osint Tools
⭐
373
OffSec OSINT Pentest/RedTeam Tools
Power Pwn
⭐
370
An offensive and defensive security toolset for Microsoft 365 Power Platform
Hershell
⭐
367
Hershell is a simple TCP reverse shell written in Go.
Red_team_attack_lab
⭐
360
Red Team Attack Lab for TTP testing & research
Emploleaks
⭐
352
An OSINT tool that helps detect members of a company with leaked credentials
Offensive Reverse Shell Cheat Sheet
⭐
351
Collection of reverse shells for red team operations, penetration testing, and offensive security.
Awesome Windows Red Team
⭐
340
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
Msfmania
⭐
321
Python AV Evasion Tools
Girsh
⭐
320
Automatically spawn a reverse shell fully interactive for Linux or Windows victim
Superman
⭐
319
🤖 Kill The Protected Process 🤖
Gray_hat_csharp_code
⭐
274
This repository contains full code examples from the book Gray Hat C#
Godgenesis
⭐
260
A Python3-based C2 server to make the life of a red teamer a bit easier. The payload is capable of bypassing all the known antiviruses and endpoints.
Maldev
⭐
235
Golang library for malware development
The_cyber_plumbers_handbook
⭐
234
Free copy of The Cyber Plumber's Handbook
Wifi Dumper
⭐
233
This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in Wifi penetration testing. Furthermore, it is useful while performing red team or internal infrastructure engagements.
Nacs
⭐
230
Event-driven pentest scanner
Graphql Cop
⭐
229
Security Auditor Utility for GraphQL APIs
Cvemon
⭐
228
Monitoring exploits & references for CVEs
Covermyass
⭐
227
Post-exploitation tool to cover your tracks on a compromised machine
Nativepayloads
⭐
219
All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming
Nimscan
⭐
218
🚀 Fast Port Scanner 🚀
Cervantes
⭐
215
Cervantes is an open-source collaborative platform for pentesters or red teams who want to save time managing their projects, clients, vulnerabilities and reports in one place.
N0kovo_subdomains
⭐
214
An extremely effective subdomain wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Internalallthethings
⭐
213
Active Directory and Internal Pentest Cheatsheets
Dns Persist
⭐
211
DNS-Persist is a post-exploitation agent which uses DNS for command and control.
Sharpunhooker
⭐
210
C# Based Universal API Unhooker
Gtfoblookup
⭐
206
Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Project/LOLBAS), WADComs (https://wadcoms.github.io), and HijackLibs (https://hijacklibs.net/).
Diablo
⭐
192
Diablo ~ Hacking / Pentesting & Reporting
Dart
⭐
185
DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Brutas
⭐
180
Wordlists handcrafted (and automated) with ♥
Jiraffe
⭐
178
One stop place for exploiting Jira instances in your proximity
Invoke Apex
⭐
175
A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Oscp_bible
⭐
174
This is a collection of resources, scripts, bookmarks, writeups, notes, cheatsheets that will help you in OSCP Preparation as well as for general pentesting and learning. If you feel like you can contribute to it, please do that. I'll appreciate it.
Hooka
⭐
163
Evasive shellcode loader, hooks detector and more
Pentesting Bugbounty
⭐
162
Bringing infosec community, group and leaders together that solve community challenges, problems, create cultural and provide value to Infosec community.
Aggressor_scripts
⭐
161
A collection of useful scripts for Cobalt Strike
Link
⭐
160
link is a command and control framework written in rust
Amnesiac
⭐
157
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
Copyright 2018-2024 Awesome Open Source. All rights reserved.