Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for security tools red team
red-team
x
security-tools
x
40 search results found
Sliver
⭐
7,152
Adversary Emulation Framework
Awesome Hacker Search Engines
⭐
6,307
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Cve
⭐
5,806
Gather and update all available and newest CVEs with their PoC.
1earn
⭐
4,841
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Black Hat Rust
⭐
2,662
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Awesome Mobile Security
⭐
2,511
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stowaway
⭐
2,195
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Silenttrinity
⭐
2,087
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
Gitgraber
⭐
1,870
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Dismap
⭐
1,840
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
Diamorphine
⭐
1,639
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Netexec
⭐
1,596
The Network Execution Tool
Cloakify
⭐
1,483
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Fofa_viewer
⭐
1,377
A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
Sprayingtoolkit
⭐
1,360
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
A Red Teamer Diaries
⭐
1,294
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Goblin
⭐
1,182
一款适用于红蓝对抗中的仿真钓鱼系统
Goby
⭐
1,081
Attack surface mapping
Perun
⭐
1,037
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫
Moonwalk
⭐
1,033
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Deimosc2
⭐
926
DeimosC2 is a Golang command and control framework for post-exploitation.
Ssh Snake
⭐
874
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Red Baron
⭐
860
Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
Microsoftwontfixlist
⭐
753
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Blackmamba
⭐
688
C2/post-exploitation framework
Fireelf
⭐
620
fireELF - Fileless Linux Malware Framework
Packetwhisper
⭐
605
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Aiodnsbrute
⭐
579
Python 3.5+ DNS asynchronous brute force utility
Mxtract
⭐
573
mXtract - Memory Extractor & Analyzer
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Kubehound
⭐
552
Kubernetes Attack Graph
Resolvers
⭐
536
The most exhaustive list of reliable DNS resolvers.
0xsp Mongoose
⭐
529
a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Kubesploit
⭐
501
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Offensivedlr
⭐
477
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
Alanframework
⭐
435
A C2 post-exploitation framework
Gtfonow
⭐
414
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Red Baron
⭐
362
Automate creating resilient, disposable, secure and agile infrastructure for Red Teams
Red_team_attack_lab
⭐
360
Red Team Attack Lab for TTP testing & research
Koko Moni
⭐
338
一个网络空间搜索引擎监控平台,可定时进行资产信息爬取,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行去重与清洗
Superman
⭐
319
🤖 Kill The Protected Process 🤖
Grc2
⭐
312
grim reaper c2
Sliver Gui
⭐
272
A Sliver GUI Client
Rpcmon
⭐
271
RPC Monitor tool based on Event Tracing for Windows
Fudgec2
⭐
236
FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Ja3transport
⭐
226
Impersonating JA3 signatures
Nimscan
⭐
218
🚀 Fast Port Scanner 🚀
Emailall
⭐
216
EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
Mrkaplan
⭐
200
MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
Reveng_rtkit
⭐
181
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
Jiraffe
⭐
178
One stop place for exploiting Jira instances in your proximity
Bulwark
⭐
163
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Fileless Elf Exec
⭐
162
Execute ELF files without dropping them on disk
Skanuvaty
⭐
140
Dangerously fast DNS/network/port scanner
Airmaster
⭐
131
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Pwn Pulse
⭐
131
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Pentesting Cookbook
⭐
124
A set of recipes useful in pentesting and red teaming scenarios
Find Gh Poc
⭐
117
Find CVE PoCs on GitHub
Wsmanager
⭐
115
Webshell Manager
Insiders
⭐
111
Archive of Potential Insider Threats
Shonydanza
⭐
110
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Murmurhash
⭐
101
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Preferred Network List Sniffer
⭐
98
A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
Secfiles
⭐
94
My files for security assessments, bug bounty and other security related stuff
Mediator
⭐
91
An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.
Passdetective
⭐
85
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.
Activedirectoryattacktool
⭐
81
ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
Dorothy
⭐
78
Dorothy is a tool to test security monitoring and detection for Okta environments
Gtfo
⭐
76
Search for Unix binaries that can be exploited to bypass system security restrictions.
Controlcompass.github.io
⭐
76
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Suass
⭐
75
one-stop resource for all things offensive security.
Log4j
⭐
74
Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.
Codeallthethings
⭐
58
A list of threat sinks used in the manual security source code review for application security
Postshell
⭐
57
PostShell - Post Exploitation Bind/Backconnect Shell
Cybersecurity Red Team
⭐
49
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Red Team (Offensive) in Cybersecurity.
Cloud
⭐
47
Monitoring the Cloud Landscape
Sherlock
⭐
46
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Gorsh
⭐
44
A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
Exfilkit
⭐
44
Data exfiltration utility for testing detection capabilities
Osint Tools
⭐
42
OSINT tools can be used for Information gathering, Cybersecurity, Reverse searching, bugbounty, trust and safety, red team oprations and more.
Rt Cybershield
⭐
36
Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges
Monarch
⭐
36
Monarch - The Adversary Emulation Toolkit
Constole
⭐
35
Scan for and exploit Consul agents
Pentest Resources Cheat Sheets
⭐
33
This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.
Redteamtoolkit
⭐
31
The WASM Based Security Toolkit for the Web First Paradigm
Holeysocks
⭐
24
Cross-Platform Reverse Socks Proxy in Go
Malicious Rmqr Codes
⭐
23
Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
Spraycannon
⭐
22
Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend database
Smbscan
⭐
19
SMBScan is a tool to enumerate file shares on an internal network.
Unauthorized_com
⭐
19
未授权检测的命令行版,支持批量检测
Aes Encoder
⭐
17
PowerShell Obfuscator. A PowerShell script anti-virus evasion tool
Behold3r
⭐
15
收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
Ntimetools
⭐
14
Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes
Binoculo
⭐
13
Binoculo is a lightning-fast banner grabbing tool built with Elixir, designed to swiftly retrieve service banners from target hosts
Urlyzer
⭐
13
urlyzer is a URL parsing analysis tool.
Lnk2vbs
⭐
11
A Python script that embeds Target VBS into LNK and when executed runs the VBS script from within.
Related Searches
Python Security Tools (707)
1-40 of 40 search results
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.