219 Open source projects that are alternatives of or similar to Attack Tools

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Test Blue Team detections without running any attack.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

OSINT

🙃 Reverse Shell Cheat Sheet 🙃

fireELF - Fileless Linux Malware Framework

E-mails, subdomains and names Harvester - OSINT

linux post-exploitation framework made by linux user

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

metasploit-framework 图形界面 / 图形化内网渗透工具

Collection of PoC and offensive techniques used by the BlackArrow Red Team

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

cobaltstrike ms17-010 module and some other

mXtract - Memory Extractor & Analyzer

Actionable analytics designed to combat threats

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Hershell is a simple TCP reverse shell written in Go.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

AV Evasion Tool For Red Team Ops

🔎 Hunt down social media accounts by username across social networks

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

List of Awesome Red Teaming Resources

红队基础设施自动化部署工具

👻Impost3r -- A linux password thief

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Tactics, Techniques, and Procedures

generate CobaltStrike's cross-platform payload

Network Pivoting Toolkit

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

This repository contains full code examples from the book Gray Hat C#

👻Stowaway -- Multi-hop Proxy Tool for pentesters

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

A Linux Auditd rule set mapped to MITRE's Attack Framework

Scripts and a (future) library to improve users' interactions with the ATT&CK content

Writing custom backdoor payloads with C# - Defcon 27 Workshop

Awesome cloud enumerator

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Overlord - Red Teaming Infrastructure Automation

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Open-Source PE Packer

BadAssMacros - C# based automated Malicous Macro Generator.

Small and highly portable detection tests based on MITRE's ATT&CK.

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Projects for security students

Load shellcode into a new process

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

记录自己编写、修改的部分工具