Top 181 redteam open source projects

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

One line PS scripts that may come handy during your network assesment

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

A collection of Cobalt Strike aggressor scripts

一款适用于红蓝对抗中的仿真钓鱼系统

LD_PRELOAD rootkit

all paths lead to clouds

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

Discord C2 for Redteam....Need a better name

Assist reverse tcp shells in post-exploration tasks

一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api

Offensive Reverse Shell (Cheat Sheet)

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Exfiltration based on custom X509 certificates

Pentesting/Bugbounty Dockerfiles.

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

Execute ELF files without dropping them on disk

🔎 Find usernames across social networks

Wordlists and passwords handcrafted with ♥

automated password spraying tool

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Automatic Reverse Shell Generator

Scan for and exploit Consul agents

Python AV Evasion Tools

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

C++ Windows Reverse Shell - Universal DLL Hijack | SSL Encryption | Statically Linked

一个简单实用的FOFA客户端 By flashine

基于Threathunting-book基础上完善的狩猎视角红队handbook

🌒 Shell command obfuscation to avoid detection systems

Simple DLL that add a user to the local Administrators group

A little tool to play with Outlook

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Purple Team Exercise Framework

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes

Cobalt Strike AggressorScripts For Red Team

One stop place for exploiting Jira instances in your proximity

A Cobalt Strike Aggressor script to generate GadgetToJScript payloads

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#

C# tool to discover low hanging fruits

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

Just another useless C2 occupying space in some HDD somewhere.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

GoPhish Templates that I have retired and/or templates I've recreated.

ShellCodeLoader via DInvoke

It records your terminal, then lets you upload to ASHIRT

Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

Blue Team detection lab created with Terraform and Ansible in Azure.

Monitoring GitHub for sensitive data shared publicly

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Red Teaming Tactics and Techniques

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)

redteam.wiki

Wireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)