Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for penetration testing red team
penetration-testing
x
red-team
x
46 search results found
Payloadsallthethings
⭐
55,999
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Dirsearch
⭐
11,165
Web path scanner
Red Teaming Toolkit
⭐
8,230
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Nishang
⭐
7,771
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Cve
⭐
5,806
Gather and update all available and newest CVEs with their PoC.
Yakit
⭐
5,790
Cyber Security ALL-IN-ONE Platform
Infosec_reference
⭐
5,348
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
1earn
⭐
4,841
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Red Team Infrastructure Wiki
⭐
3,915
Wiki to collect Red Team infrastructure hardening resources
Redteaming Tactics And Techniques
⭐
3,744
Red Teaming Tactics and Techniques
Kubernetes Goat
⭐
3,694
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Villain
⭐
3,376
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Discover
⭐
3,238
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
Winpwn
⭐
3,151
Automation for internal Windows Penetrationtest / AD-Security
Kscan
⭐
3,061
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议
Black Hat Rust
⭐
2,662
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Snoop
⭐
2,530
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Awesome Mobile Security
⭐
2,511
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Penetration Testing Tools
⭐
2,393
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
Stowaway
⭐
2,195
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Malicious Pdf
⭐
2,029
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Ligolo Ng
⭐
1,950
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Venom
⭐
1,911
Venom - A Multi-hop Proxy for Penetration Testers
Bypassav
⭐
1,898
This map lists the essential techniques to bypass anti-virus and EDR
Ezxss
⭐
1,715
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Diamorphine
⭐
1,639
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Netexec
⭐
1,596
The Network Execution Tool
Cloakify
⭐
1,483
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Gitjacker
⭐
1,466
🔪 :octocat: Leak git repositories from misconfigured websites
Macro_pack
⭐
1,420
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Collection Document
⭐
1,416
Collection of quality safety articles. Awesome articles.
Platypus
⭐
1,372
🔨 A modern multiple reverse shell sessions manager written in go
Sprayingtoolkit
⭐
1,360
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
A Red Teamer Diaries
⭐
1,294
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Lockdoor Framework
⭐
1,254
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Security List
⭐
1,181
If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中,如果有什么好的意见或建议,请在Issues反馈,感谢您的参与
Sessiongopher
⭐
1,143
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Goofuzz
⭐
1,119
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
Ghostwriter
⭐
1,116
The SpecterOps project management and reporting engine
Goby
⭐
1,081
Attack surface mapping
Autordpwn
⭐
1,043
The Shadow Attack Framework
Perun
⭐
1,037
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Awesome Redteam Cheatsheet
⭐
1,017
Red Team Cheatsheet in constant expansion.
Ssh Snake
⭐
874
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Rusthound
⭐
812
Active Directory data collector for BloodHound written in Rust. 🦀
Aboutsecurity
⭐
762
Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
Vcenterkit
⭐
754
Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit
Cloudbrute
⭐
750
Awesome cloud enumerator
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Awesome List Of Secrets In Environment Variables
⭐
722
🦄🔒 Awesome list of secrets in environment variables 🖥️
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Octopus
⭐
705
Open source pre-operation C2 server based on python and powershell
Blackmamba
⭐
688
C2/post-exploitation framework
Fireelf
⭐
620
fireELF - Fileless Linux Malware Framework
Cve 2021 44228 Poc Log4j Bypass Words
⭐
611
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Packetwhisper
⭐
605
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Chashell
⭐
599
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Aiodnsbrute
⭐
579
Python 3.5+ DNS asynchronous brute force utility
Powershell Obfuscation Bible
⭐
574
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
Mxtract
⭐
573
mXtract - Memory Extractor & Analyzer
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Resolvers
⭐
536
The most exhaustive list of reliable DNS resolvers.
Dref
⭐
482
DNS Rebinding Exploitation Framework
Bigbountyrecon
⭐
471
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Overlord
⭐
463
Overlord - Red Teaming Infrastructure Automation
Whonow
⭐
462
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Pentest101
⭐
456
一些关于渗透测试的Tips
Cobalt_strike_extension_kit
⭐
453
Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
Slackor
⭐
452
A Golang implant that uses Slack as a command and control server
Powershell Red Team
⭐
437
Collection of PowerShell functions a Red Teamer may use in an engagement
Gtfonow
⭐
414
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Dome
⭐
412
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
Cobaltstrike Ms17 010
⭐
412
cobaltstrike ms17-010 module and some other
Spoofy
⭐
394
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Supernova
⭐
389
Real fucking shellcode encryption tool
Ttps
⭐
388
Tactics, Techniques, and Procedures
Rekono
⭐
385
Pentesting automation platform that combines hacking tools to complete assessments
Physmem2profit
⭐
383
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Pentmenu
⭐
382
A bash script for recon and DOS attacks
Bounceback
⭐
382
↕️🤫 Stealth redirector for your red team operation security
Serpentine
⭐
379
C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Offensive Osint Tools
⭐
373
OffSec OSINT Pentest/RedTeam Tools
Power Pwn
⭐
370
An offensive and defensive security toolset for Microsoft 365 Power Platform
Hershell
⭐
367
Hershell is a simple TCP reverse shell written in Go.
Red_team_attack_lab
⭐
360
Red Team Attack Lab for TTP testing & research
Emploleaks
⭐
352
An OSINT tool that helps detect members of a company with leaked credentials
Offensive Reverse Shell Cheat Sheet
⭐
351
Collection of reverse shells for red team operations, penetration testing, and offensive security.
Redeye
⭐
350
Redeye is a tool intended to help you manage your data during a pentest operation
Awesome Windows Red Team
⭐
340
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
Msfmania
⭐
321
Python AV Evasion Tools
Girsh
⭐
320
Automatically spawn a reverse shell fully interactive for Linux or Windows victim
Superman
⭐
319
🤖 Kill The Protected Process 🤖
Rubyfu
⭐
311
Rubyfu, where Ruby goes evil!
Reconness
⭐
287
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Gray_hat_csharp_code
⭐
274
This repository contains full code examples from the book Gray Hat C#
Pinkerton
⭐
272
🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
Godgenesis
⭐
260
A Python3 based C2 server to make life of red teamer a bit easier. The payload is capable to bypass all the known antiviruses and endpoints.
Hrshell
⭐
242
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Related Searches
Security Penetration Testing (735)
Shell Penetration Testing (398)
Scanner Penetration Testing (373)
Python Penetration Testing (359)
Exploitation Penetration Testing (353)
1-46 of 46 search results
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.