Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A collection of open source and commercial tools that aid in red team operations.

Remote Administration Tool for Windows

An Information Security Reference That Doesn't Suck

Wiki to collect Red Team infrastructure hardening resources

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Automated Adversary Emulation

Covenant is a collaborative .NET C2 framework for red teamers.

Implant framework

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

A post exploitation framework designed to operate covertly on heavily monitored environments

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

The Shadow Attack Framework

Aggressor scripts for use with Cobalt Strike 3.0+

A front-end JavaScript toolkit for creating DNS rebinding attacks.

🔨 A modern multiple reverse shell sessions manager written in go

DNS Rebinding Exploitation Framework

A Golang implant that uses Slack as a command and control server

(l)user hunter using WinAPI calls only

An Android app that lets you use your access control card cloning devices in the field.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Python 3.5+ DNS asynchronous brute force utility

The SpecterOps project management and reporting engine

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

DeimosC2 is a Golang command and control framework for post-exploitation.