red-team

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Remote Administration Tool for Windows

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Automated Adversary Emulation Platform

The all-in-one Red Team extension for Web Pentester 🛠

Adversary Emulation Framework

Wiki to collect Red Team infrastructure hardening resources

Gather and update all available and newest CVEs with their PoC.

Covenant is a collaborative .NET C2 framework for red teamers.

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹2000+，暴力破解协议10余种。

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

A post exploitation framework designed to operate covertly on heavily monitored environments

Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

The Shadow Attack Framework

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

C2/post-exploitation framework

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.