There are 341 repositories under redteam topic.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
🔎 Hunt down social media accounts by username across social networks
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Web path scanner
E-mails, subdomains and names Harvester - OSINT
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
List of Awesome Red Teaming Resources
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Tools and Techniques for Red Team / Penetration Testing
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Red Teaming Tactics and Techniques
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Automation for internal Windows Penetrationtest / AD-Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Free copy of The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Collection of quality safety articles. Awesome articles.
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点