redteam-tools

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Attack Surface Management Platform | Sn1perSecurity LLC

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Cyber Security ALL-IN-ONE Platform

一款适用于红蓝对抗中的仿真钓鱼系统

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

A PowerShell armoury for security guys and girls

一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集，降低红队技术门槛的手册【持续更新】

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.

A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.

red-tldr is a lightweight text search tool, which is used to help red team staff quickly find the commands and key points they want to execute, so it is more suitable for use by red team personnel with certain experience.

Dangerously fast DNS/network/port scanner

New UAC bypass for Silent Cleanup for CobaltStrike

Project to enumerate proxy configurations and generate shellcode from CobaltStrike

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Security product hook detection

Programmatically extract saved passwords from Chromium based browsers.

Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.

A Red Team tool for exfiltrating sensitive data from Jira tickets.

EZEA (EaZy Enum Automator), made for OSCP. This tool uses bash to automate most of the enumeration proces

A Red Team tool for exfiltrating sensitive data from Confluence pages.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's API.

UUID based Shellcode loader for your favorite C2

PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527