SleightEmpire HTTP(S) C2 redirector setup script
Stars: β 44 (-98.52%)
ycsmThis is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).
Stars: β 73 (-97.55%)
Platypusπ¨ A modern multiple reverse shell sessions manager wrote in go
Stars: β 559 (-81.25%)
Physmem2profitPhysmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Stars: β 244 (-91.81%)
InMemoryNETExploring in-memory execution of .NET
Stars: β 55 (-98.15%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: β 405 (-86.41%)
Malleable-C2-ProfilesMalleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.
Stars: β 168 (-94.36%)
chkdfrontCheck Domain Fronting (chkdfront) - It checks if your domain fronting is working
Stars: β 42 (-98.59%)
Dref DNS Rebinding Exploitation Framework
Stars: β 423 (-85.81%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: β 775 (-74%)
SessiongopherSessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: β 833 (-72.06%)
Red-Team-EssentialsThis repo will contain some basic pentest/RT commands.
Stars: β 22 (-99.26%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: β 193 (-93.53%)
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: β 331 (-88.9%)
PentmenuA bash script for recon and DOS attacks
Stars: β 288 (-90.34%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: β 1,136 (-61.89%)
Go Deliver Go-deliver is a payload delivery tool coded in Go.
Stars: β 103 (-96.54%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: β 541 (-81.85%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: β 370 (-87.59%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: β 4,162 (+39.62%)
AutordpwnThe Shadow Attack Framework
Stars: β 688 (-76.92%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: β 5,615 (+88.36%)
Gitjackerπͺ Leak git repositories from misconfigured websites
Stars: β 1,249 (-58.1%)
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: β 85 (-97.15%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: β 113 (-96.21%)
Netmap.jsFast browser-based network discovery module
Stars: β 70 (-97.65%)
ShonyDanzaA customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: β 86 (-97.12%)
AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: β 150 (-94.97%)
Kubernetes GoatKubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Stars: β 868 (-70.88%)
Aggressor scriptsA collection of useful scripts for Cobalt Strike
Stars: β 126 (-95.77%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester π
Stars: β 2,750 (-7.75%)
SharpattackA simple wrapper for C# tools
Stars: β 211 (-92.92%)
LeakscraperLeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Stars: β 227 (-92.39%)
Minicronπ°οΈ Monitor your cron jobs
Stars: β 2,351 (-21.13%)
DartDART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Stars: β 207 (-93.06%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance withβ¦
Stars: β 3,439 (+15.36%)
FilesensorDynamic file detection tool based on crawler εΊδΊη¬θ«ηε¨ζζζζδ»Άζ’ζ΅ε·₯ε
·
Stars: β 227 (-92.39%)
Oci CliCommand Line Interface for Oracle Cloud Infrastructure
Stars: β 207 (-93.06%)
LnkupGenerates malicious LNK file payloads for data exfiltration
Stars: β 205 (-93.12%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: β 2,775 (-6.91%)
DecryptteamviewerEnumerate and decrypt TeamViewer credentials from Windows registry
Stars: β 205 (-93.12%)
O365reconretrieve information via O365 with a valid cred
Stars: β 204 (-93.16%)
Mobileapp Pentest CheatsheetThe Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Stars: β 3,051 (+2.35%)
Scoutπ Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Stars: β 241 (-91.92%)
CalderaAutomated Adversary Emulation Platform
Stars: β 3,126 (+4.86%)
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Stars: β 204 (-93.16%)
CatalystAccelerated deep learning R&D
Stars: β 2,804 (-5.94%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: β 3,873 (+29.92%)
LyraOpen Source Workflow Engine for Cloud Native Infrastructure
Stars: β 203 (-93.19%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: β 238 (-92.02%)
DrozerThe Leading Security Assessment Framework for Android.
Stars: β 2,683 (-10%)
Doxboxweb-based OSINT and reconaissance toolkit
Stars: β 202 (-93.22%)
TemporalβοΈ Temporal is an easy-to-use, enterprise-grade interface into distributed and decentralized storage
Stars: β 202 (-93.22%)
AndroticklerPenetration testing and auditing toolkit for Android apps.
Stars: β 225 (-92.45%)
HawkeyeHawkeye filesystem analysis tool
Stars: β 202 (-93.22%)