Tools and Techniques for Red Team / Penetration Testing
This github repository contains a collection of tools and resources that can be useful for red teaming activities: https://github.com/A-poc/RedTeam-Tools
Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.
Warning
The materials in this repository are for informational and educational purposes only. They are not intended for use in any illegal activities.
Tool List
Reconnaissance
- crt.sh -> httprobe -> EyeWitness Automated domain screenshotting (hostnames pulled from certificate transparency logs, probed for live HTTP/HTTPS, then screenshotted)
- jsendpoints Extract page DOM links
- nuclei Vulnerability scanner
- certSniff Certificate transparency log keyword sniffer
- gobuster Website path brute force
- dnsrecon Enumerate DNS records
- Shodan.io Public facing system knowledge base
- AORT (All in One Recon Tool) Subdomain enumeration
- spoofcheck SPF/DMARC record checker (flags domains whose mail records still allow spoofing)
- AWSBucketDump S3 bucket enumeration
- GitHarvester GitHub credential searcher
- truffleHog Secret scanner for git repositories and their commit history
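The first stage of the crt.sh -> httprobe -> EyeWitness pipeline listed above is turning certificate transparency output into a clean, in-scope host list. The following is an added example (not code from RedTeam-Tools or from crt.sh, httprobe or EyeWitness) that does this for crt.sh's JSON export. It assumes the JSON shape `https://crt.sh/?q=%25.example.com&output=json` currently returns (a list of objects whose `name_value` field holds newline-separated names) and uses a constructed sample response rather than a real query.

```python
"""Turn a crt.sh JSON export into a clean, in-scope host list for httprobe.

Added example for this page, not code from the RedTeam-Tools repository or
from crt.sh/httprobe/EyeWitness. It assumes the JSON shape that
https://crt.sh/?q=%25.example.com&output=json returns: a list of objects whose
"name_value" field holds one or more names separated by newlines. The records
below are constructed sample data, not a real query result.
"""
import json
import re

# Constructed sample mimicking a crt.sh JSON response for %.example.com.
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\ndev.example.com"},
    {"common_name": "mail.example.com",
     "name_value": "MAIL.Example.COM"},
    {"common_name": "example.com",
     "name_value": "example.com"},
    # Contains the apex as a substring but is a different registrable domain.
    {"common_name": "example.com.attacker.test",
     "name_value": "example.com.attacker.test"},
    # Garbage that occasionally appears in CT entries; must not reach httprobe.
    {"common_name": "bad host.example.com",
     "name_value": "bad host.example.com"},
])

# RFC 1123 host syntax (lower-case, 63-char labels, 253 chars total).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def extract_hosts(crtsh_json, apex):
    """Return the sorted, deduplicated hostnames at or under `apex`.

    Normalisation matters here: CT logs preserve whatever case the CA logged,
    one entry can carry many SANs, and wildcard names (*.dev.example.com)
    cannot be probed directly, so they are reduced to their base name.
    Names that merely contain the apex as a substring are dropped, so a
    careless suffix match does not send probes at third-party systems.
    """
    apex = apex.lower().strip(".")
    hosts = set()
    for entry in json.loads(crtsh_json):
        for raw in entry.get("name_value", "").split("\n"):
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]
            in_scope = name == apex or name.endswith("." + apex)
            if in_scope and HOSTNAME_RE.match(name):
                hosts.add(name)
    return sorted(hosts)


def httprobe_input(hosts):
    """Render one host per line, the stdin format httprobe reads."""
    return "\n".join(hosts) + "\n"


if __name__ == "__main__":
    # Typical usage: save the crt.sh JSON to a file, feed this output to
    # `httprobe`, and hand the resulting URL list to EyeWitness.
    print(httprobe_input(extract_hosts(SAMPLE_CRTSH_JSON, "example.com")), end="")
```

The suffix check and the hostname regex are the two lines worth keeping when adapting this: without them a `%.example.com` query quietly drags look-alike third-party names and malformed entries into the probe list.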
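What a spoofcheck-style SPF/DMARC check actually evaluates, as an added example that is not spoofcheck's own code: it grades a domain's records offline against constructed TXT data, with the hypothetical `resolve_txt` standing in for a real DNS lookup and every domain name invented for the example.

```python
"""Grade a domain's SPF and DMARC records for spoofability.

Added example for this page, not spoofcheck's own code. DNS is replaced by a
constructed table of TXT records so the check runs offline; `resolve_txt` is
a hypothetical stand-in for a real resolver and every domain below is made up.
"""
import re

# Constructed TXT records (not real DNS data). Keys are the names queried:
# the domain itself for SPF, "_dmarc.<domain>" for DMARC.
FAKE_TXT_RECORDS = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "soft.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.soft.example": ["v=DMARC1; p=none; rua=mailto:dmarc@soft.example"],
    "nospf.example": ["google-site-verification=abc123"],
    "_dmarc.nospf.example": ["v=DMARC1; p=quarantine; pct=0"],
    "open.example": ["v=spf1 +all"],
    "spfonly.example": ["v=spf1 mx -all"],
}


def resolve_txt(name, records=FAKE_TXT_RECORDS):
    """Hypothetical resolver: return the TXT strings for `name` (case-insensitive)."""
    return records.get(name.lower(), [])


def get_spf(domain, records=FAKE_TXT_RECORDS):
    """Return the single SPF record, or None. Two SPF records are a permerror,
    which receivers treat as no usable SPF, so that case is None as well."""
    spf = [r for r in resolve_txt(domain, records) if r.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None


def spf_all_qualifier(spf):
    """Qualifier on the 'all' mechanism: '+', '-', '~', '?' or None if absent
    (a record without 'all' leaves unmatched senders at neutral)."""
    m = re.search(r"(?:^|\s)([+\-~?]?)all(?:\s|$)", spf, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) or "+"


def get_dmarc(domain, records=FAKE_TXT_RECORDS):
    """Parse the DMARC record at _dmarc.<domain> into a tag dict, or None."""
    recs = [r for r in resolve_txt("_dmarc." + domain, records)
            if r.lower().startswith("v=dmarc1")]
    if not recs:
        return None
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(domain, records=FAKE_TXT_RECORDS):
    """Rate `domain` as 'protected', 'partial' or 'spoofable' with reasons.

    Only an enforcing DMARC policy (p=quarantine/reject at pct=100) stops a
    forged header From, because DMARC is what ties the visible sender to the
    SPF/DKIM results. A hard-fail SPF alone covers only the envelope sender,
    so it earns 'partial'; anything weaker is 'spoofable'.
    """
    findings = []
    spf = get_spf(domain, records)
    qualifier = None
    if spf is None:
        findings.append("no valid SPF record")
    else:
        qualifier = spf_all_qualifier(spf)
        if qualifier is None:
            findings.append("SPF has no 'all' mechanism (unmatched senders are neutral)")
        elif qualifier == "+":
            findings.append("SPF ends in +all (authorises any sender)")
        elif qualifier in ("~", "?"):
            findings.append("SPF ends in %sall (soft fail / neutral, not a hard fail)" % qualifier)

    dmarc = get_dmarc(domain, records)
    enforcing = False
    if dmarc is None:
        findings.append("no DMARC record")
    else:
        policy = dmarc.get("p", "none").lower()
        pct_raw = dmarc.get("pct", "100")
        pct = int(pct_raw) if pct_raw.isdigit() else 100
        enforcing = policy in ("quarantine", "reject") and pct == 100
        if policy == "none":
            findings.append("DMARC p=none (monitoring only)")
        elif pct < 100:
            findings.append("DMARC pct=%d applies the policy to only a sample of mail" % pct)

    if enforcing:
        rating = "protected"
    elif qualifier == "-":
        rating = "partial"
    else:
        rating = "spoofable"
    return {"domain": domain, "rating": rating, "findings": findings}


if __name__ == "__main__":
    for d in ("strict.example", "soft.example", "nospf.example", "open.example", "spfonly.example"):
        r = assess(d)
        print("%-16s %-10s %s" % (d, r["rating"], "; ".join(r["findings"]) or "-"))
```

The `pct=0` case is the one most often missed by hand: the record looks enforcing at a glance, but the policy applies to none of the mail, so the domain is as spoofable as one with no DMARC at all.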
Resource Development
Initial Access
- Bash Bunny USB attack tool
- EvilGoPhish Phishing campaign framework
- The Social-Engineer Toolkit Phishing campaign framework
- Hydra Network login brute-force tool (SSH, RDP, FTP, HTTP forms and many other protocols)
- SquarePhish OAuth/QR code phishing framework
- King Phisher Phishing campaign framework
Execution
- Donut Shellcode generator for in-memory execution of .NET assemblies, DLLs and PE files
- Macro_pack Macro obfuscation
- PowerSploit PowerShell script suite
- Rubeus Kerberos interaction and abuse toolkit (ticket requests, Kerberoasting, pass-the-ticket)
- SharpUp C# port of PowerUp's local privilege escalation checks
Persistence
- Impacket Python library and example scripts for Windows network protocols (SMB, MSRPC, Kerberos, LDAP)
- Empire Post-exploitation framework
- SharPersist Windows persistence toolkit
Privilege Escalation
- LinPEAS Linux privilege escalation
- WinPEAS Windows privilege escalation
- linux-smart-enumeration Linux privilege escalation
- Certify Active Directory Certificate Services (AD CS) misconfiguration finder and abuse tool
- Get-GPPPassword Recovers plaintext passwords from Group Policy Preferences (cpassword) in SYSVOL
- Sherlock PowerShell script that finds missing patches tied to known local privilege escalation vulnerabilities
- Watson .NET tool that enumerates missing KBs for known Windows privilege escalation vulnerabilities
Defense Evasion
- Invoke-Obfuscation Script obfuscator
- Veil Payload generator focused on antivirus evasion (Metasploit-compatible payloads)
Credential Access
- Mimikatz Windows credential extractor
- LaZagne Local password extractor
- hashcat Password hash cracking
- John the Ripper Password hash cracking
Discovery
- PCredz Credential extraction from PCAP files or a live network interface
- PingCastle Active Directory security assessment and risk reporting
- Seatbelt Host survey / situational-awareness enumeration (C#)
- ADRecon Active Directory recon
Lateral Movement
- crackmapexec Windows/Active Directory lateral movement toolkit
- Enabling RDP Commands to turn on Remote Desktop on a compromised Windows host
- Upgrading shell to meterpreter Turning a basic reverse shell into a Meterpreter session
- Forwarding Ports Local port forward command for reaching internal services
- Jenkins reverse shell Command to obtain a reverse shell from a Jenkins instance
Collection
- BloodHound Active Directory attack path mapping and visualisation
Command and Control
- Havoc Command and control framework
- Covenant Command and control framework (.NET)
- Merlin Command and control framework (Golang)
- Metasploit Framework Command and control framework (Ruby)
- Pupy Command and control framework (Python)
- Brute Ratel Command and control framework (commercial)
Exfiltration
- Dnscat2 C2 via DNS tunneling
- Cloakify Data transformation for exfiltration
- PyExfil Data exfiltration PoC
- Powershell-RAT Python-based backdoor that exfiltrates data via Gmail
Impact
- SlowLoris Low-bandwidth HTTP denial of service that ties up a server's connection slots with partial requests