467 Open source projects that are alternatives of or similar to Aggressor_scripts

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

The Collective. A repo for a collection of red-team projects found mostly on Github.

The Shadow Attack Framework

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

DNS Rebinding Exploitation Framework

🔨 A modern multiple reverse shell sessions manager wrote in go

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

A bash script for recon and DOS attacks

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

The all-in-one Red Team extension for Web Pentester 🛠

Empire HTTP(S) C2 redirector setup script

Go-deliver is a payload delivery tool coded in Go.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Linux Rootkits (4.x Kernel)

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Fast browser-based network discovery module

Wiki to collect Red Team infrastructure hardening resources

🦄🔒 Awesome list of secrets in environment variables 🖥️

Python 3.5+ DNS asynchronous brute force utility

This repo will contain some basic pentest/RT commands.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

🔪 Leak git repositories from misconfigured websites

Human and machine readable web vulnerability testing format

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

small python3 tool to check common vulnerabilities in SMTP servers

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

Adds a customizable "Send to..."-context-menu to your BurpSuite.

A collection of public offensive and defensive security related scripts for InfoSec students.

A container repository for my public web hacks!

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Adversary Simulation Framework

Fast Modular Web Interfaces Bruteforcer

Linux enumeration tool for pentesting and CTFs with verbosity levels

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

A tool to abuse Exchange services

Script to automate PUT HTTP method exploitation to get shell

DeepSea Phishing Gear

mosquito - Automating reconnaissance and brute force attacks

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Monitoring GitLab for sensitive data shared publicly

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Elasticsearch for Offensive Security

Automation for internal Windows Penetrationtest / AD-Security

Python3 script to parse txt files containing Mimikatz output

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"