151 Open Source Red Team Software Projects
Free and open source red team code projects including engines, APIs, generators, and tools.
Nishang 6060 ⭐
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Red Teaming Toolkit 5809 ⭐
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Infosec_reference 4205 ⭐
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Discover 2583 ⭐
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Cloakify 1242 ⭐
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Harleyqu1nn Aggressorscripts 1176 ⭐
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
Shad0w 1573 ⭐
A post exploitation framework designed to operate covertly on heavily monitored environments
Sessiongopher 918 ⭐
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Dumpsterfire 826 ⭐
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Bashfuscator 821 ⭐
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Whonow 558 ⭐
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Packetwhisper 524 ⭐
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Teamwalrus Walrus 364 ⭐
An Android app that lets you use your access control card cloning devices in the field.
Lmco Dart 220 ⭐
DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Physmem2profit 270 ⭐
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Hrshell 221 ⭐
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Pwn Pulse 123 ⭐
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Vulnrepo 161 ⭐
VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.
Infosec Interview Questions 74 ⭐
🗒️ A [work-in-progress] collection for interview questions for Information Security roles
Ycsm 73 ⭐
This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).
Softrams Bulwark 145 ⭐
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Macos Wpa Psk 29 ⭐
PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.
Rt Cybershield 33 ⭐
Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges
Hackarsenaltoolkit 33 ⭐
Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools
Thecollective 28 ⭐
The Collective. A repo for a collection of red team and/or pen test projects found mostly on Github. https://github.com/ceramicskate0/TheCollective #infosec #redteaming #pentest
Gbiagomba Sherlock 34 ⭐
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Adversary_emulation_library 532 ⭐
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Adversarial Robustness Toolbox 2748 ⭐
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
Geemion Khepri 1203 ⭐
Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
Pi Pwnbox Rogueap 946 ⭐
Homemade Pwnbox :rocket: / Rogue AP :satellite: based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap :bulb:
Bigbountyrecon 744 ⭐
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Community Threats 365 ⭐
The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday
Liquidsnake 250 ⭐
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
Powershell Red Team 203 ⭐
Collection of PowerShell functions a Red Teamer may use to collect data from a machine
Cve 2021 21123 Poc Google Chrome 141 ⭐
🐱💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
Adfsbrute 119 ⭐
A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
Building C2 Implants In Cpp 117 ⭐
The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogunlab).
Enterprisepurpleteaming 147 ⭐
Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study. Doctor of Science Cybersecurity at Marymount University Dissertation by Xena Olsen.