There are 55 repositories under the redteam-tools topic.
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed in-house by security industry practitioners
Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
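Asset discovery and identification tools. Quickly identify web fingerprint information and determine asset types. Helps red teams quickly locate target asset information and helps blue teams discover suspected weak points.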
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Dangerously fast DNS/network/port scanner
OffSec OSINT Pentest/RedTeam Tools
ffffffff0x team toolset for penetration testing, cryptography research, CTF and daily use.
A handbook that collects and categorizes red-team-oriented Github tools / resources by use case / tag, aiming to lower the technical barrier to red teaming [continuously updated]
An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
A tool that shows detailed information about named pipes in Windows
Red Team Toolkit is an Open-Source Django Offensive Web-App which keeps the useful offensive tools used in red-teaming together.
Dome - Subdomain Enumeration Tool. Fast and reliable Python script that makes active and/or passive scans to obtain subdomains and search for open ports.
C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDRs.
UAC Bypass By Abusing Kerberos Tickets
A PowerShell armoury for security guys and girls
Local privilege escalation via PetitPotam (Abusing impersonate privileges).
AI-Powered Ethical Hacking Assistant
FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.
A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.
Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all in one place with web UI interfaces.
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
Our friendly Gmail will act as the server, and the implant will exfiltrate data via SMTP and read commands from the C2 (Gmail) via the IMAP protocol