PenTestandRedTeamsToolsbyJoasandS3cur3Th1sSh1t.pdf资源-CSDN文库

网络

渗透测试

需积分: 5 126 浏览量 2023-10-06 17:27:31 上传评论收藏 216KB PDF 举报

资源推荐

资源详情

资源评论

PenTest and Red

Teams Tools by Joas

and S3cur3Th1sSh1t

Powershell Scripts

AMSI Bypass

https://github.com/S3cur3Th1sSh1t/

WinPwn

https://github.com/dafthack/MailSniper

https://github.com/putterpanda/

mimikittenz

https://github.com/dafthack/

DomainPasswordSpray

https://github.com/mdavis332/

DomainPasswordSpray

https://github.com/jnqpblc/SharpSpray

https://github.com/Arvanaghi/

SessionGopher

https://github.com/samratashok/nishang

https://github.com/PowerShellMaﬁa/

PowerSploit

https://github.com/fdiskyou/PowerOPS

https://github.com/giMini/PowerMemory

https://github.com/Kevin-Robertson/

Inveigh

https://github.com/MichaelGrafnetter/

DSInternals

https://github.com/PowerShellEmpire/

PowerTools

https://github.com/FuzzySecurity/

PowerShell-Suite

https://github.com/hlldz/Invoke-Phant0m

https://github.com/leoloobeek/LAPSToolkit

https://github.com/n00py/LAPSDumper

https://github.com/sense-of-security/

ADRecon

https://github.com/adrecon/ADRecon

https://github.com/S3cur3Th1sSh1t/Grouper

https://github.com/l0ss/Grouper2

https://github.com/NetSPI/PowerShell

https://github.com/NetSPI/PowerUpSQL

https://github.com/GhostPack

https://github.com/Kevin-Robertson/

Powermad

https://github.com/S3cur3Th1sSh1t/Amsi-

Bypass-Powershell

https://github.com/Flangvik/AMSI.fail

https://github.com/p3nt4/PowerShdll

https://github.com/jaredhaight/PSAttack

https://github.com/Cn33liz/p0wnedShell

https://github.com/cobbr/

InsecurePowerShell

https://github.com/bitsadmin/

nopowershell

https://github.com/Mr-Un1k0d3r/

PowerLessShell

https://github.com/OmerYa/Invisi-Shell

https://github.com/Hackplayers/Salsa-tools

https://github.com/padovah4ck/

PSByPassCLM

https://github.com/rasta-mouse/

AmsiScanBufferBypass

https://github.com/itm4n/VBA-RunPE

https://github.com/cfalta/

PowerShellArmoury

https://github.com/Mr-B0b/SpaceRunner

https://github.com/RythmStick/

AMSITrigger

https://github.com/rmdavy/AMSI_Ordinal_

Bypass

https://github.com/mgeeky/Stracciatella

https://github.com/med0x2e/NoAmci

https://github.com/rvrsh3ll/NoMSBuild

https://github.com/bohops/

UltimateWDACBypassList

https://github.com/jxy-s/herpaderping

https://github.com/Cn33liz/MSBuildShell

Payload Hosting

https://github.com/kgretzky/pwndrop

https://github.com/sc0tfree/updog

Network Share Scanner

https://github.com/SnaffCon/Snafﬂer

https://github.com/djhohnstein/

SharpShares

https://github.com/vivami/SauronEye

https://github.com/leftp/VmdkReader

Reverse Shellz

https://github.com/xct/xc

https://github.com/cytopia/pwncat

https://github.com/Kudaes/LOLBITS

Main Topic 6

Backdoor Finder

https://github.com/linuz/Sticky-Keys-Slayer

https://github.com/ztgrace/sticky_keys_

hunter

https://github.com/countercept/

doublepulsar-detection-script

Lateral Movement

https://github.com/0xthirteen/SharpRDP

https://github.com/0xthirteen/MoveKit

https://github.com/0xthirteen/SharpMove

https://github.com/rvrsh3ll/SharpCOM

https://github.com/malcomvetter/CSExec

https://github.com/byt3bl33d3r/

CrackMapExec

https://github.com/cube0x0/

SharpMapExec

https://github.com/nccgroup/WMIcmd

https://github.com/rasta-mouse/MiscTools

https://github.com/byt3bl33d3r/DeathStar

https://github.com/SpiderLabs/portia

https://github.com/Screetsec/Vegile

https://github.com/DanMcInerney/

icebreaker

https://github.com/MooseDojo/apt2

https://github.com/hdm/nextnet

https://github.com/mubix/IOXIDResolver

https://github.com/Hackplayers/evil-winrm

https://github.com/bohops/WSMan-

WinRM

https://github.com/dirkjanm/krbrelayx

https://github.com/Mr-Un1k0d3r/SCShell

https://github.com/rvazarkar/

GMSAPasswordReader

https://github.com/fdiskyou/hunter

https://github.com/360-Linton-Lab/

WMIHACKER

https://github.com/leechristensen/

SpoolSample

https://github.com/leftp/SpoolSamplerNET

https://github.com/lexfo/rpc2socks

https://github.com/checkymander/sshiva

https://github.com/dev-2null/ADCollector

POST Exploitation

https://github.com/mubix/post-

exploitation

https://github.com/emilyanncr/Windows-

Post-Exploitation

https://github.com/nettitude/Invoke-

PowerThIEf

https://github.com/ThunderGunExpress/

BADministration

https://github.com/bohops/

SharpRDPHijack

https://github.com/antonioCoco/RunasCs

https://github.com/klsecservices/Invoke-

Vnc

https://github.com/

mandatoryprogrammer/CursedChrome

https://github.com/djhohnstein/WireTap

https://github.com/GhostPack/Lockless

https://github.com/infosecn1nja/

SharpDoor

Phishing Tools

https://github.com/hlldz/pickl3

https://github.com/shantanu561993/

SharpLoginPrompt

https://github.com/Dviros/CredsLeaker

https://github.com/bitsadmin/

fakelogonscreen

https://github.com/CCob/PinSwipe

Wrapper for various tools

https://github.com/bohops/GhostBuild

https://github.com/S3cur3Th1sSh1t/

PowerSharpPack

https://github.com/rvrsh3ll/Rubeus-

Rundll32

https://github.com/checkymander/Zolom

Pivoting

https://github.com/0x36/VPNPivot

https://github.com/securesocketfunneling/

ssf

https://github.com/p3nt4/Invoke-

SocksProxy

https://github.com/sensepost/reGeorg

https://github.com/hayasec/reGeorg-

Weblogic

https://github.com/nccgroup/ABPTTS

https://github.com/RedTeamOperations/

PivotSuite

https://github.com/trustedsec/

egressbuster

https://github.com/vincentcox/bypass-

ﬁrewalls-by-DNS-history

https://github.com/shantanu561993/

SharpChisel

https://github.com/jpillora/chisel

https://github.com/esrrhs/pingtunnel

https://github.com/sysdream/ligolo

https://github.com/nccgroup/

SocksOverRDP

https://github.com/blackarrowsec/

mssqlproxy

Active Directory Audit and exploit tools

https://github.com/mwrlabs/

SharpGPOAbuse

https://github.com/BloodHoundAD/

BloodHound

https://github.com/BloodHoundAD/

SharpHound3

https://github.com/chryzsh/awesome-

bloodhound

https://github.com/hausec/Bloodhound-

Custom-Queries

https://github.com/CompassSecurity/

BloodHoundQueries

https://github.com/vletoux/pingcastle

https://github.com/cyberark/ACLight

https://github.com/canix1/ADACLScanner

https://github.com/fox-it/Invoke-ACLPwn

https://github.com/NinjaStyle82/rbcd_

permissions

https://github.com/NotMedic/

NetNTLMtoSilverTicket

https://github.com/dirkjanm/

ldapdomaindump

Persistence on Windows

https://github.com/ﬁreeye/SharPersist

https://github.com/outﬂanknl/SharpHide

https://github.com/HarmJ0y/DAMP

Framework Discovery

https://github.com/Tuhinshubhra/CMSeeK

https://github.com/Dionach/CMSmap -

Wordpress, Joomla, Drupal Scanner

https://github.com/wpscanteam/wpscan

https://github.com/Ekultek/WhatWaf

Framework Scanner /

Exploitation

https://github.com/wpscanteam/wpscan -

wordpress

https://github.com/n00py/WPForce

https://github.com/m4ll0k/WPSeku https://

github.com/swisskyrepo/Wordpresscan

https://github.com/rastating/wordpress-

exploit-framework

https://github.com/coldfusion39/domi-

owned - lotus domino

https://github.com/droope/droopescan -

Drupal

https://github.com/whoot/Typo-

Enumerator - Typo3

https://github.com/rezasp/joomscan -

Joomla

Web Vulnerability Scanner / Burp Plugins

https://github.com/m4ll0k/WAScan - all in

one scanner

https://github.com/s0md3v/XSStrike - XSS

discovery

https://github.com/federicodotta/Java-

Deserialization-Scanner

https://github.com/d3vilbug/HackBar

https://github.com/gyoisamurai/GyoiThon

https://github.com/snoopysecurity/

awesome-burp-extensions

https://github.com/sting8k/BurpSuite_

403Bypasser - Burpsuite Extension to

bypass 403 restricted directory

https://github.com/BishopFox/

GadgetProbe

File / Directory / Parameter

discovery

https://github.com/OJ/gobuster

https://github.com/nccgroup/dirble

https://github.com/maK-/parameth

https://github.com/devanshbatham/

ParamSpider - Mining parameters from

dark corners of Web Archives

https://github.com/s0md3v/Arjun - 💗

https://github.com/Cillian-Collins/

dirscraper - Directory lookup from

Javascript ﬁles

https://github.com/hannob/snallygaster

https://github.com/maurosoria/dirsearch

https://github.com/s0md3v/Breacher -

Admin Panel Finder

https://github.com/mazen160/server-

status_PWN

https://github.com/KingOfBugbounty/

KingOfBugBountyTips

https://github.com/helviojunior/

turbosearch

Web Exploitation Tools

https://github.com/OsandaMalith/

LFiFreak - lﬁ

https://github.com/enjoiz/XXEinjector - xxe

https://github.com/tennc/webshell - shellz

https://github.com/ﬂozz/p0wny-shell

https://github.com/epinna/tplmap - ssti

https://github.com/orf/xcat - xpath

injection

https://github.com/almandin/fuxploider -

File Uploads

https://github.com/nccgroup/freddy -

deserialization

https://github.com/irsdl/IIS-ShortName-

Scanner - IIS Short Filename Vuln.

exploitation

https://github.com/frohoff/ysoserial -

Deserialize Java Exploitation

https://github.com/pwntester/ysoserial.

net - Deserialize .NET Exploitation

https://github.com/internetwache/

GitTools - Exploit .git Folder Existence

https://github.com/cujanovic/SSRF-

Testing - SSRF Tutorials

https://github.com/ambionics/phpggc -

PHP Unserialize Payload generator

https://github.com/BuffaloWill/oxml_xxe -

Malicious Ofﬁce XXE payload generator

https://github.com/tijme/angularjs-csti-

scanner - Angularjs Csti Scanner

https://github.com/0xacb/viewgen -

Deserialize .NET Viewstates

https://github.com/Illuminopi/RCEvil.NET -

Deserialize .NET Viewstates

Rest API Audit

https://github.com/microsoft/restler-

fuzzer - RESTler is the ﬁrst stateful REST

API fuzzing tool for automatically testing

cloud services through their REST APIs and

ﬁnding security and reliability bugs in

these services.

https://github.com/ﬂipkart-incubator/Astra

Windows Privilege Escalation /

Audit

https://github.com/itm4n/PrivescCheck -

Privilege Escalation Enumeration Script for

Windows

https://github.com/carlospolop/privilege-

escalation-awesome-scripts-suite/tree/

master/winPEAS - powerfull Privilege

Escalation Check Script with nice output

https://github.com/AlessandroZ/BeRoot

https://github.com/rasta-mouse/Sherlock

https://github.com/hﬁref0x/UACME - UAC

https://github.com/rootm0s/WinPwnage -

UAC

https://github.com/abatchy17/

WindowsExploits

https://github.com/dafthack/HostRecon

https://github.com/sensepost/rattler - ﬁnd

vulnerable dlls for preloading attack

https://github.com/WindowsExploits/

Exploits

https://github.com/Cybereason/siofra - dll

hijack scanner

https://github.com/0xbadjuju/Tokenvator -

admin to system

https://github.com/MojtabaTajik/Robber

https://github.com/411Hall/JAWS

https://github.com/GhostPack/SharpUp

https://github.com/GhostPack/Seatbelt

https://github.com/A-mIn3/WINspect

https://github.com/hausec/ADAPE-Script

https://github.com/SecWiki/windows-

kernel-exploits

https://github.com/bitsadmin/wesng

https://github.com/rasta-mouse/Watson

Windows Privilege Abuse (

Privilege Escalation)

https://github.com/gtworek/Priv2Admin -

Abuse Windows Privileges

https://github.com/itm4n/UsoDllLoader -

load malicious dlls from system32

https://github.com/TsukiCTF/Lovely-

Potato - Exploit potatoes with automation

https://github.com/antonioCoco/

RogueWinRM - from Service Account to

System

https://github.com/antonioCoco/

RoguePotato - Another Windows Local

Privilege Escalation from Service Account

to System

https://github.com/itm4n/PrintSpoofer -

Abusing Impersonation Privileges on

Windows 10 and Server 2019

https://github.com/BeichenDream/

BadPotato - itm4ns Printspoofer in C#

https://github.com/itm4n/FullPowers -

Recover the default privilege set of a

LOCAL/NETWORK SERVICE account

Linux Privilege Escalation / Audit

https://github.com/carlospolop/privilege-

escalation-awesome-scripts-suite/tree/

master/linPEAS - powerfull Privilege

Escalation Check Script with nice output

https://github.com/mzet-/linux-exploit-

suggester

https://github.com/rebootuser/LinEnum

https://github.com/diego-treitos/linux-

smart-enumeration

https://github.com/CISOfy/lynis

https://github.com/AlessandroZ/BeRoot

https://github.com/future-architect/vuls

https://github.com/ngalongc/

AutoLocalPrivilegeEscalation

https://github.com/b3rito/yodo

https://github.com/belane/linux-soft-

exploit-suggester - lookup vulnerable

installed software

https://github.com/sevagas/swap_digger

https://github.com/NullArray/RootHelper

https://github.com/NullArray/MIDA-

Multitool

https://github.com/initstring/dirty_sock

https://github.com/jondonas/linux-exploit-

suggester-2

https://github.com/sosdave/KeyTabExtract

https://github.com/DominicBreuker/pspy

https://github.com/itsKindred/

modDetective

https://github.com/nongiach/sudo_inject

https://github.com/Anon-Exploiter/

SUID3NUM - ﬁnd suid bins and look them

up under gtfobins / exploitable or not

https://github.com/nccgroup/

GTFOBLookup - Ofﬂine GTFOBins

https://github.com/TH3xACE/SUDO_

KILLER - sudo misconﬁguration

exploitation

https://raw.githubusercontent.com/

sleventyeleven/linuxprivchecker/master/

linuxprivchecker.py

https://github.com/inquisb/unix-privesc-

check

https://github.com/hc0d3r/tas - easily

manipulate the tty and create fake binaries

https://github.com/SecWiki/linux-kernel-

exploits

https://github.com/initstring/uptux

https://github.com/andrew-d/static-

binaries - not really privesc but helpfull

Exﬁltration

https://github.com/gentilkiwi/mimikatz

https://github.com/GhostPack/SafetyKatz

https://github.com/Flangvik/

BetterSafetyKatz - Fork of SafetyKatz that

dynamically fetches the latest pre-

compiled release of Mimikatz directly

from gentilkiwi GitHub repo, runtime

patches signatures and uses SharpSploit

DInvoke to PE-Load into memory.

https://github.com/GhostPack/Rubeus

https://github.com/Arvanaghi/

SessionGopher

https://github.com/peewpw/Invoke-

WCMDump

https://github.com/tiagorlampert/sAINT

https://github.com/AlessandroZ/

LaZagneForensic - remote lazagne

https://github.com/eladshamir/Internal-

Monologue

https://github.com/djhohnstein/

SharpWeb - Browser Creds gathering

https://github.com/moonD4rk/

HackBrowserData - hack-browser-data is

an open-source tool that could help you

decrypt data[passwords|bookmarks|

cookies|history] from the browser.

https://github.com/mwrlabs/

SharpClipHistory - ClipHistory feature get

the last 25 copy paste actions

https://github.com/outﬂanknl/Dumpert -

dump lsass using direct system calls and

API unhooking

https://github.com/b4rtik/

SharpMiniDump - Create a minidump of

the LSASS process from memory - using

Dumpert

https://github.com/b4rtik/ATPMiniDump -

Evade WinDefender ATP credential-theft

https://github.com/aas-n/spraykatz -

remote procdump.exe, copy dump ﬁle to

local system and pypykatz for analysis/

extraction

https://github.com/0x09AL/RdpThief -

extract live rdp logins

https://github.com/chrismaddalena/

SharpCloud - Simple C# for checking for

the existence of credential ﬁles related to

AWS, Microsoft Azure, and Google

Compute.

https://github.com/djhohnstein/

SharpChromium - .NET 4.0 CLR Project to

retrieve Chromium data, such as cookies,

history and saved logins.

https://github.com/jfmaes/SharpHandler -

This project reuses open handles to lsass to

parse or minidump lsass

https://github.com/V1V1/SharpScribbles -

ThunderFox for Firefox Credentials,

SitkyNotesExtract for "Notes as passwords"

https://github.com/securesean/

DecryptAutoLogon - Command line tool to

extract/decrypt the password that was

stored in the LSA by SysInternals

AutoLogon

https://github.com/G0ldenGunSec/

SharpSecDump - .Net port of the remote

SAM + LSA Secrets dumping functionality

of impacket's secretsdump.py

https://github.com/EncodeGroup/Gopher -

C# tool to discover low hanging fruits like

SessionGopher

https://github.com/GhostPack/

SharpDPAPI - DPAPI Creds via C#

LSASS Dump Without Mimikatz

https://github.com/Hackndo/lsassy

https://github.com/aas-n/spraykatz

https://github.com/b4rtik/SharpKatz - C#

porting of mimikatz sekurlsa::

logonpasswords, sekurlsa::ekeys and

lsadump::dcsync commands

Credential harvesting Linux Speciﬁc

https://github.com/huntergregal/

mimipenguin

https://github.com/n1nj4sec/mimipy

https://github.com/dirtycow/dirtycow.

github.io

https://github.com/mthbernardes/

sshLooterC - SSH Credential loot

https://github.com/blendin/3snake - SSH /

Sudo / SU Credential loot

https://github.com/0xmitsurugi/

gimmecredz

https://github.com/TarlogicSecurity/

tickey - Tool to extract Kerberos tickets

from Linux kernel keys.

Data Exﬁltration - DNS/ICMP/Wiﬁ

Exﬁltration

https://github.com/FortyNorthSecurity/

Egress-Assess

https://github.com/p3nt4/Invoke-

TmpDavFS

https://github.com/DhavalKapil/

icmptunnel

https://github.com/iagox86/dnscat2

https://github.com/Arno0x/DNSExﬁltrator

https://github.com/spieglt/FlyingCarpet -

Wiﬁ Exﬁltration

https://github.com/SECFORCE/Tunna -

Tunna is a set of tools which will wrap and

tunnel any TCP communication over HTTP

https://github.com/sysdream/chashell

https://github.com/no0be/DNSlivery - Easy

ﬁles and payloads delivery over DNS

Command and Control

Cobalt Strike is software for Adversary

Simulations and Red Team Operations.

https://cobaltstrike.com/

Empire is a post-exploitation framework

that includes a pure-PowerShell2.0

Windows agent, and a pure Python 2.6/2.7

Linux/OS X agent. https://github.com/

EmpireProject/Empire

Metasploit Framework is a computer

security project that provides information

about security vulnerabilities and aids in

penetration testing and IDS signature

development. https://github.com/rapid7/

metasploit-framework

SILENTTRINITY A post-exploitation agent

https://github.com/byt3bl33d3r/

SILENTTRINITY

Pupy is an opensource, cross-platform (

Windows, Linux, OSX, Android) remote

administration and post-exploitation tool

mainly written in python. https://github.

com/n1nj4sec/pupy

Koadic or COM Command & Control, is a

Windows post-exploitation rootkit similar

to other penetration testing tools such as

Meterpreter and Powershell Empire.

https://github.com/zerosum0x0/koadic

PoshC2 is a proxy aware C2 framework

written completely in PowerShell to aid

penetration testers with red teaming, post-

exploitation and lateral movement. https://

github.com/nettitude/PoshC2_Python

Gcat a stealthy Python based backdoor

that uses Gmail as a command and

control server. https://github.com/

byt3bl33d3r/gcat

TrevorC2 is a legitimate website (

browsable) that tunnels client/server

communications for covert command

execution. https://github.com/trustedsec/

trevorc2

Merlin is a cross-platform post-exploitation

HTTP/2 Command & Control server and

agent written in golang. https://github.

com/Ne0nd0g/merlin

Quasar is a fast and light-weight remote

administration tool coded in C#. Providing

high stability and an easy-to-use user

interface, Quasar is the perfect remote

administration solution for you. https://

github.com/quasar/QuasarRAT

Covenant is a .NET command and control

framework that aims to highlight the

attack surface of .NET, make the use of

offensive .NET tradecraft easier, and serve

as a collaborative command and control

platform for red teamers. https://github.

com/cobbr/Covenant

FactionC2 is a C2 framework which use

websockets based API that allows for

interacting with agents and transports.

https://github.com/FactionC2/

DNScat2 is a tool is designed to create an

encrypted command-and-control (C&C)

channel over the DNS protocol. https://

github.com/iagox86/dnscat2

Sliver is a general purpose cross-platform

implant framework that supports C2 over

Mutual-TLS, HTTP(S), and DNS. https://

github.com/BishopFox/sliver

EvilOSX An evil RAT (Remote

Administration Tool) for macOS / OS X.

https://github.com/Marten4n6/EvilOSX

EggShell is a post exploitation surveillance

tool written in Python. It gives you a

command line session with extra

functionality between you and a target

machine. https://github.com/

neoneggplant/EggShell

Staging

Rapid Attack Infrastructure (RAI) Red

Team Infrastructure... Quick... Fast...

Simpliﬁed One of the most tedious phases

of a Red Team Operation is usually the

infrastructure setup. This usually entails a

teamserver or controller, domains,

redirectors, and a Phishing server. https://

github.com/obscuritylabs/RAI

Red Baron is a set of modules and custom/

third-party providers for Terraform which

tries to automate creating resilient,

disposable, secure and agile infrastructure

for Red Teams. https://github.com/

byt3bl33d3r/Red-Baron

EvilURL generate unicode evil domains for

IDN Homograph Attack and detect them.

https://github.com/UndeadSec/EvilURL

Domain Hunter checks expired domains,

bluecoat categorization, and Archive.org

history to determine good candidates for

phishing and C2 domain names. https://

github.com/threatexpress/domainhunter

PowerDNS is a simple proof of concept to

demonstrate the execution of PowerShell

script using DNS only. https://github.com/

mdsecactivebreach/PowerDNS

Chameleon a tool for evading Proxy

categorisation. https://github.com/

mdsecactivebreach/Chameleon

CatMyFish Search for categorized domain

that can be used during red teaming

engagement. Perfect to setup whitelisted

domain for your Cobalt Strike beacon C&C.

https://github.com/Mr-Un1k0d3r/CatMyFish

Malleable C2 is a domain speciﬁc

language to redeﬁne indicators in Beacon'

s communication. https://github.com/

rsmudge/Malleable-C2-Proﬁles

Malleable-C2-Randomizer This script

randomizes Cobalt Strike Malleable C2

proﬁles through the use of a

metalanguage, hopefully reducing the

chances of ﬂagging signature-based

detection controls. https://github.com/

bluscreenofjeff/Malleable-C2-Randomizer

FindFrontableDomains search for

potential frontable domains. https://github.

com/rvrsh3ll/FindFrontableDomains

Postﬁx-Server-Setup Setting up a phishing

server is a very long and tedious process. It

can take hours to setup, and can be

compromised in minutes. https://github.

com/n0pe-sled/Postﬁx-Server-Setup

DomainFrontingLists a list of Domain

Frontable Domains by CDN. https://github.

com/vysec/DomainFrontingLists

Apache2-Mod-Rewrite-Setup Quickly

Implement Mod-Rewrite in your

infastructure. https://github.com/n0pe-

sled/Apache2-Mod-Rewrite-Setup

mod_rewrite rule to evade vendor

sandboxes. https://gist.github.com/

curi0usJack/

971385e8334e189d93a6cb4671238b10

external_c2 framework a python

framework for usage with Cobalt Strike's

External C2. https://github.com/Und3rf10w/

external_c2_framework

Malleable-C2-Proﬁles A collection of

proﬁles used in different projects using

Cobalt Strike https://www.cobaltstrike.

com/. https://github.com/xx0hcd/

Malleable-C2-Proﬁles

ExternalC2 a library for integrating

communication channels with the Cobalt

Strike External C2 server. https://github.

com/ryhanson/ExternalC2

cs2modrewrite a tools for convert Cobalt

Strike proﬁles to modrewrite scripts.

https://github.com/threatexpress/

cs2modrewrite

e2modrewrite a tools for convert Empire

proﬁles to Apache modrewrite scripts.

https://github.com/infosecn1nja/

e2modrewrite

redi automated script for setting up

CobaltStrike redirectors (nginx reverse

proxy, letsencrypt). https://github.com/

taherio/redi

cat-sites Library of sites for categorization.

https://github.com/audrummer15/cat-sites

ycsm is a quick script installation for

resilient redirector using nginx reverse

proxy and letsencrypt compatible with

some popular Post-Ex Tools (Cobalt Strike,

Empire, Metasploit, PoshC2). https://github.

com/infosecn1nja/ycsm

Domain Fronting Google App Engine.

https://github.com/redteam-cyberark/

Google-Domain-fronting

DomainFrontDiscover Scripts and results

for ﬁnding domain frontable CloudFront

domains. https://github.com/peewpw/

DomainFrontDiscover

Automated Empire Infrastructure https://

github.com/bneg/RedTeam-Automation

Serving Random Payloads with NGINX.

https://gist.github.com/jivoi/

a33ace2e25515a31aa2ffbae246d98c9

meek is a blocking-resistant pluggable

transport for Tor. It encodes a data stream

as a sequence of HTTPS requests and

responses. https://github.com/arlolra/meek

CobaltStrike-ToolKit Some useful scripts

for CobaltStrike. https://github.com/

killswitch-GUI/CobaltStrike-ToolKit

mkhtaccess_red Auto-generate an

HTaccess for payload delivery --

automatically pulls ips/nets/etc from

known sandbox companies/sources that

have been seen before, and redirects them

to a benign payload. https://github.com/

violentlydave/mkhtaccess_red

RedFile a ﬂask wsgi application that serves

ﬁles with intelligence, good for serving

conditional RedTeam payloads. https://

github.com/outﬂanknl/RedFile

keyserver Easily serve HTTP and DNS keys

for proper payload protection. https://

github.com/leoloobeek/keyserver

DoHC2 allows the ExternalC2 library from

Ryan Hanson (https://github.com/

ryhanson/ExternalC2) to be leveraged for

command and control (C2) via DNS over

HTTPS (DoH). This is built for the popular

Adversary Simulation and Red Team

Operations Software Cobalt Strike (https://

www.cobaltstrike.com). https://github.com/

SpiderLabs/DoHC2

HTran is a connection bouncer, a kind of

proxy server. A “listener” program is

hacked stealthily onto an unsuspecting

host anywhere on the Internet. https://

github.com/HiwinCN/HTran

Adversary Emulation

MITRE CALDERA - An automated

adversary emulation system that performs

post-compromise adversarial behavior

within Windows Enterprise networks.

https://github.com/mitre/caldera

APTSimulator - A Windows Batch script

that uses a set of tools and output ﬁles to

make a system look as if it was

compromised. https://github.com/

NextronSystems/APTSimulator

Atomic Red Team - Small and highly

portable detection tests mapped to the

Mitre ATT&CK Framework. https://github.

com/redcanaryco/atomic-red-team

Network Flight Simulator - ﬂightsim is a

lightweight utility used to generate

malicious network trafﬁc and help security

teams to evaluate security controls and

network visibility. https://github.com/

alphasoc/ﬂightsim

Metta - A security preparedness tool to do

adversarial simulation. https://github.com/

uber-common/metta

Red Team Automation (RTA) - RTA

provides a framework of scripts designed

to allow blue teams to test their detection

capabilities against malicious tradecraft,

modeled after MITRE ATT&CK. https://

github.com/endgameinc/RTA

Repositores

https://github.com/infosecn1nja/Red-

Teaming-Toolkit

https://github.com/S3cur3Th1sSh1t/

Pentest-Tools

https://github.com/yeyintminthuhtut/

Awesome-Red-Teaming

https://github.com/enaqx/awesome-

pentest

https://github.com/Muhammd/Awesome-

Pentest

https://github.com/CyberSecurityUP/

Awesome-PenTest-Practice

https://drive.google.com/drive/u/0/folders/

12Mvq6kE2HJDwN2CZhEGWizyWt87Yunk

https://github.com/0x4D31/awesome-oscp

https://github.com/six2dez/OSCP-Human-

Guide

https://github.com/RustyShackleford221/

OSCP-Prep

https://github.com/wwong99/pentest-

notes/blob/master/oscp_resources/OSCP-

Survival-Guide.md

https://www.linkedin.com/in/joas-antonio-

dos-santos

Buffer Overﬂow and Exploit

Development

https://github.com/CyberSecurityUP/

Buffer-Overﬂow-Labs

https://github.com/gh0x0st/Buffer_

Overﬂow

https://github.com/freddiebarrsmith/

Buffer-Overﬂow-Exploit-Development-

Practice

https://github.com/21y4d/Windows_

BufferOverﬂowx32

https://github.com/johnjhacking/Buffer-

Overﬂow-Guide

https://github.com/npapernot/buffer-

overﬂow-attack

https://github.com/V1n1v131r4/OSCP-Buffer-

Overﬂow

https://github.com/KINGSABRI/

BufferOverﬂow-Kit

https://github.com/FabioBaroni/awesome-

exploit-development

https://github.com/Gallopsled/pwntools

https://github.com/hardenedlinux/linux-

exploit-development-tutorial

https://github.com/Billy-Ellis/Exploit-

Challenges

https://github.com/wtsxDev/Exploit-

Development

Malware Analysis and Reverse Engineering

https://github.com/rshipp/awesome-

malware-analysis

https://github.com/topics/malware-analysis

https://github.com/Apress/malware-

analysis-detection-engineering

https://github.com/SpiderLabs/malware-

analysis

https://github.com/ytisf/theZoo

https://github.com/arxlan786/Malware-

Analysis

https://github.com/nheijmans/malzoo

https://github.com/mikesiko/

PracticalMalwareAnalysis-Labs

https://github.com/secrary/SSMA

https://github.com/merces/aleph

https://github.com/mentebinaria/retoolkit

https://github.com/mytechnotalent/

Reverse-Engineering

https://github.com/wtsxDev/reverse-

engineering

https://github.com/mentebinaria/retoolkit

https://github.com/topics/reverse-

engineering

https://github.com/0xZ0F/Z0FCourse_

ReverseEngineering

https://github.com/

NationalSecurityAgency/ghidra

https://github.com/hax0rtahm1d/Reverse-

Engineering

https://github.com/tylerha97/awesome-

reversing

MindMaps by Joas