Awesome Open Source

Programming Languages

Search results for security tools red team

security-tools x

40 search results found

Sliver ⭐ 7,152

Adversary Emulation Framework

Awesome Hacker Search Engines ⭐ 6,307

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Gather and update all available and newest CVEs with their PoC.

1earn ⭐ 4,841

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Redteam Tools ⭐ 4,019

Tools and Techniques for Red Team / Penetration Testing

Black Hat Rust ⭐ 2,662

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Awesome Mobile Security ⭐ 2,511

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Stowaway ⭐ 2,195

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Silenttrinity ⭐ 2,087

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Gitgraber ⭐ 1,870

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Dismap ⭐ 1,840

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Diamorphine ⭐ 1,639

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Netexec ⭐ 1,596

The Network Execution Tool

Cloakify ⭐ 1,483

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Fofa_viewer ⭐ 1,377

A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.

Sprayingtoolkit ⭐ 1,360

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

A Red Teamer Diaries ⭐ 1,294

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Goblin ⭐ 1,182

一款适用于红蓝对抗中的仿真钓鱼系统

Attack surface mapping

Perun ⭐ 1,037

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫

Moonwalk ⭐ 1,033

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.

Inventory ⭐ 1,019

Asset inventory of over 800 public bug bounty programs.

Deimosc2 ⭐ 926

DeimosC2 is a Golang command and control framework for post-exploitation.

Ssh Snake ⭐ 874

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

Red Baron ⭐ 860

Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

Microsoftwontfixlist ⭐ 753

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Leaky Paths ⭐ 746

A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Blackmamba ⭐ 688

C2/post-exploitation framework

Fireelf ⭐ 620

fireELF - Fileless Linux Malware Framework

Packetwhisper ⭐ 605

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Aiodnsbrute ⭐ 579

Python 3.5+ DNS asynchronous brute force utility

Mxtract ⭐ 573

mXtract - Memory Extractor & Analyzer

Impost3r ⭐ 556

👻Impost3r -- A linux password thief

Kubehound ⭐ 552

Kubernetes Attack Graph

Resolvers ⭐ 536

The most exhaustive list of reliable DNS resolvers.

0xsp Mongoose ⭐ 529

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Kubesploit ⭐ 501

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

Offensivedlr ⭐ 477

Toolbox containing research notes & PoC code for weaponizing .NET's DLR

Alanframework ⭐ 435

A C2 post-exploitation framework

Gtfonow ⭐ 414

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Red Baron ⭐ 362

Automate creating resilient, disposable, secure and agile infrastructure for Red Teams

Red_team_attack_lab ⭐ 360

Red Team Attack Lab for TTP testing & research

Koko Moni ⭐ 338

一个网络空间搜索引擎监控平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗

Superman ⭐ 319

🤖 Kill The Protected Process 🤖

Sliver Gui ⭐ 272

A Sliver GUI Client

RPC Monitor tool based on Event Tracing for Windows

Fudgec2 ⭐ 236

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Ja3transport ⭐ 226

Impersonating JA3 signatures

Nimscan ⭐ 218

🚀 Fast Port Scanner 🚀

Emailall ⭐ 216

EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具

Mrkaplan ⭐ 200

MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.

Reveng_rtkit ⭐ 181

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.

Jiraffe ⭐ 178

One stop place for exploiting Jira instances in your proximity

Bulwark ⭐ 163

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Fileless Elf Exec ⭐ 162

Execute ELF files without dropping them on disk

Skanuvaty ⭐ 140

Dangerously fast DNS/network/port scanner

Airmaster ⭐ 131

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Pwn Pulse ⭐ 131

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Pentesting Cookbook ⭐ 124

A set of recipes useful in pentesting and red teaming scenarios

Find Gh Poc ⭐ 117

Find CVE PoCs on GitHub

Wsmanager ⭐ 115

Webshell Manager

Insiders ⭐ 111

Archive of Potential Insider Threats

Shonydanza ⭐ 110

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Murmurhash ⭐ 101

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Preferred Network List Sniffer ⭐ 98

A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.

Secfiles ⭐ 94

My files for security assessments, bug bounty and other security related stuff

Mediator ⭐ 91

An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.

Passdetective ⭐ 85

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

Activedirectoryattacktool ⭐ 81

ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.

Dorothy is a tool to test security monitoring and detection for Okta environments

Search for Unix binaries that can be exploited to bypass system security restrictions.

Controlcompass.github.io ⭐ 76

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

one-stop resource for all things offensive security.

Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.

Codeallthethings ⭐ 58

A list of threat sinks used in the manual security source code review for application security

Postshell ⭐ 57

PostShell - Post Exploitation Bind/Backconnect Shell

Cybersecurity Red Team ⭐ 49

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Red Team (Offensive) in Cybersecurity.

Monitoring the Cloud Landscape

Sherlock ⭐ 46

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Exfilkit ⭐ 44

Data exfiltration utility for testing detection capabilities

Osint Tools ⭐ 42

OSINT tools can be used for Information gathering, Cybersecurity, Reverse searching, bugbounty, trust and safety, red team oprations and more.

Rt Cybershield ⭐ 36

Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges

Monarch - The Adversary Emulation Toolkit

Constole ⭐ 35

Scan for and exploit Consul agents

Pentest Resources Cheat Sheets ⭐ 33

This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.

Redteamtoolkit ⭐ 31

The WASM Based Security Toolkit for the Web First Paradigm

Holeysocks ⭐ 24

Cross-Platform Reverse Socks Proxy in Go

Malicious Rmqr Codes ⭐ 23

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

Spraycannon ⭐ 22

Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend database

SMBScan is a tool to enumerate file shares on an internal network.

Unauthorized_com ⭐ 19

未授权检测的命令行版，支持批量检测

Aes Encoder ⭐ 17

PowerShell Obfuscator. A PowerShell script anti-virus evasion tool

Behold3r ⭐ 15

收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Ntimetools ⭐ 14

Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes

Binoculo ⭐ 13

Binoculo is a lightning-fast banner grabbing tool built with Elixir, designed to swiftly retrieve service banners from target hosts

urlyzer is a URL parsing analysis tool.

A Python script that embeds Target VBS into LNK and when executed runs the VBS script from within.

Related Searches

Python Security Tools (707)

1-40 of 40 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.