PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (+221.43%)
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (-32.54%)
AutordpwnThe Shadow Attack Framework
Stars: ✭ 688 (+446.03%)
Physmem2profitPhysmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Stars: ✭ 244 (+93.65%)
Dref DNS Rebinding Exploitation Framework
Stars: ✭ 423 (+235.71%)
Platypus🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+343.65%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-10.32%)
PentmenuA bash script for recon and DOS attacks
Stars: ✭ 288 (+128.57%)
ShonyDanzaA customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (-31.75%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+3203.17%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+2082.54%)
SleightEmpire HTTP(S) C2 redirector setup script
Stars: ✭ 44 (-65.08%)
Go Deliver Go-deliver is a payload delivery tool coded in Go.
Stars: ✭ 103 (-18.25%)
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (+162.7%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+329.37%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (+53.17%)
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (+19.05%)
Netmap.jsFast browser-based network discovery module
Stars: ✭ 70 (-44.44%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+193.65%)
Red-Team-EssentialsThis repo will contain some basic pentest/RT commands.
Stars: ✭ 22 (-82.54%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+515.08%)
SessiongopherSessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (+561.11%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+4356.35%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+801.59%)
Gitjacker🔪 Leak git repositories from misconfigured websites
Stars: ✭ 1,249 (+891.27%)
ExploHuman and machine readable web vulnerability testing format
Stars: ✭ 114 (-9.52%)
Smtptestersmall python3 tool to check common vulnerabilities in SMTP servers
Stars: ✭ 102 (-19.05%)
RatelRAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-3.97%)
ShurikenCross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (-9.52%)
VailynA phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-18.25%)
Burp ParamalyzerParamalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
Stars: ✭ 102 (-19.05%)
Burp Send ToAdds a customizable "Send to..."-context-menu to your BurpSuite.
Stars: ✭ 114 (-9.52%)
Security ScriptsA collection of public offensive and defensive security related scripts for InfoSec students.
Stars: ✭ 101 (-19.84%)
HackvaultA container repository for my public web hacks!
Stars: ✭ 1,364 (+982.54%)
SubrakeA Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Stars: ✭ 125 (-0.79%)
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-4.76%)
ArissploitArissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-9.52%)
SliverAdversary Simulation Framework
Stars: ✭ 1,348 (+969.84%)
Web BrutatorFast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-23.02%)
Linux Smart EnumerationLinux enumeration tool for pentesting and CTFs with verbosity levels
Stars: ✭ 1,956 (+1452.38%)
RulerA tool to abuse Exchange services
Stars: ✭ 1,684 (+1236.51%)
Put2winScript to automate PUT HTTP method exploitation to get shell
Stars: ✭ 96 (-23.81%)
DeepseaDeepSea Phishing Gear
Stars: ✭ 96 (-23.81%)
Resource filesmosquito - Automating reconnaissance and brute force attacks
Stars: ✭ 95 (-24.6%)
BellaBella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻
Stars: ✭ 112 (-11.11%)
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-25.4%)
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-28.57%)
Gitlab WatchmanMonitoring GitLab for sensitive data shared publicly
Stars: ✭ 127 (+0.79%)
GtfoblookupOffline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
Stars: ✭ 123 (-2.38%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+1446.83%)
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+934.13%)
KatzkatzPython3 script to parse txt files containing Mimikatz output
Stars: ✭ 91 (-27.78%)
CtfrAbusing Certificate Transparency logs for getting HTTPS websites subdomains.
Stars: ✭ 1,535 (+1118.25%)
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-29.37%)