Awesome-Red-Team-Operation
PenTest and Red Teams Tools by Joas and S3cur3Th1sSh1t
Powershell Scripts
https://github.com/S3cur3Th1sSh1t/WinPwn
https://github.com/dafthack/MailSniper
https://github.com/putterpanda/mimikittenz
https://github.com/dafthack/DomainPasswordSpray
https://github.com/mdavis332/DomainPasswordSpray
https://github.com/jnqpblc/SharpSpray
https://github.com/Arvanaghi/SessionGopher
https://github.com/samratashok/nishang
https://github.com/PowerShellMafia/PowerSploit
https://github.com/fdiskyou/PowerOPS
https://github.com/giMini/PowerMemory
https://github.com/Kevin-Robertson/Inveigh
https://github.com/MichaelGrafnetter/DSInternals
https://github.com/PowerShellEmpire/PowerTools
https://github.com/FuzzySecurity/PowerShell-Suite
https://github.com/hlldz/Invoke-Phant0m
https://github.com/leoloobeek/LAPSToolkit
https://github.com/n00py/LAPSDumper
https://github.com/sense-of-security/ADRecon
https://github.com/adrecon/ADRecon
https://github.com/S3cur3Th1sSh1t/Grouper
https://github.com/l0ss/Grouper2
https://github.com/NetSPI/PowerShell
https://github.com/NetSPI/PowerUpSQL
https://github.com/GhostPack
https://github.com/Kevin-Robertson/Powermad
AMSI Bypass
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
https://github.com/Flangvik/AMSI.fail
https://github.com/p3nt4/PowerShdll
https://github.com/jaredhaight/PSAttack
https://github.com/Cn33liz/p0wnedShell
https://github.com/cobbr/InsecurePowerShell
https://github.com/bitsadmin/nopowershell
https://github.com/Mr-Un1k0d3r/PowerLessShell
https://github.com/OmerYa/Invisi-Shell
https://github.com/Hackplayers/Salsa-tools
https://github.com/padovah4ck/PSByPassCLM
https://github.com/rasta-mouse/AmsiScanBufferBypass
https://github.com/itm4n/VBA-RunPE
https://github.com/cfalta/PowerShellArmoury
https://github.com/Mr-B0b/SpaceRunner
https://github.com/RythmStick/AMSITrigger
https://github.com/rmdavy/AMSI_Ordinal_Bypass
https://github.com/mgeeky/Stracciatella
https://github.com/med0x2e/NoAmci
https://github.com/rvrsh3ll/NoMSBuild
https://github.com/bohops/UltimateWDACBypassList
https://github.com/jxy-s/herpaderping
https://github.com/Cn33liz/MSBuildShell
Payload Hosting
https://github.com/kgretzky/pwndrop
https://github.com/sc0tfree/updog
Network Share Scanner
https://github.com/SnaffCon/Snaffler
https://github.com/djhohnstein/SharpShares
https://github.com/vivami/SauronEye
https://github.com/leftp/VmdkReader
Reverse Shellz
https://github.com/xct/xc
https://github.com/cytopia/pwncat
https://github.com/Kudaes/LOLBITS
Backdoor Finder
https://github.com/linuz/Sticky-Keys-Slayer
https://github.com/ztgrace/sticky_keys_hunter
https://github.com/countercept/doublepulsar-detection-script
Pivoting
https://github.com/0x36/VPNPivot
https://github.com/securesocketfunneling/ssf
https://github.com/p3nt4/Invoke-SocksProxy
https://github.com/sensepost/reGeorg
https://github.com/hayasec/reGeorg-Weblogic
https://github.com/nccgroup/ABPTTS
https://github.com/RedTeamOperations/PivotSuite
https://github.com/trustedsec/egressbuster
https://github.com/vincentcox/bypass-firewalls-by-DNS-history
https://github.com/shantanu561993/SharpChisel
https://github.com/jpillora/chisel
https://github.com/esrrhs/pingtunnel
https://github.com/sysdream/ligolo
https://github.com/nccgroup/SocksOverRDP
https://github.com/blackarrowsec/mssqlproxy
Persistence on Windows
https://github.com/fireeye/SharPersist
https://github.com/outflanknl/SharpHide
https://github.com/HarmJ0y/DAMP
Framework Discovery
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/Dionach/CMSmap - Wordpress, Joomla, Drupal Scanner
https://github.com/wpscanteam/wpscan
https://github.com/Ekultek/WhatWaf
https://github.com/KingOfBugbounty/KingOfBugBountyTips
Framework Scanner / Exploitation
https://github.com/wpscanteam/wpscan - wordpress
https://github.com/n00py/WPForce
https://github.com/m4ll0k/WPSeku
https://github.com/swisskyrepo/Wordpresscan
https://github.com/rastating/wordpress-exploit-framework
https://github.com/coldfusion39/domi-owned - lotus domino
https://github.com/droope/droopescan - Drupal
https://github.com/whoot/Typo-Enumerator - Typo3
https://github.com/rezasp/joomscan - Joomla
File / Directory / Parameter discovery
https://github.com/OJ/gobuster
https://github.com/nccgroup/dirble
https://github.com/maK-/parameth
https://github.com/devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives
https://github.com/s0md3v/Arjun
https://github.com/Cillian-Collins/dirscraper - Directory lookup from Javascript files
https://github.com/hannob/snallygaster
https://github.com/maurosoria/dirsearch
https://github.com/s0md3v/Breacher - Admin Panel Finder
https://github.com/mazen160/server-status_PWN
https://github.com/helviojunior/turbosearch
Rest API Audit
https://github.com/microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
https://github.com/flipkart-incubator/Astra
Windows Privilege Escalation / Audit
https://github.com/itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS - powerful Privilege Escalation check script with nice output
https://github.com/AlessandroZ/BeRoot
https://github.com/rasta-mouse/Sherlock
https://github.com/hfiref0x/UACME - UAC
https://github.com/rootm0s/WinPwnage - UAC
https://github.com/abatchy17/WindowsExploits
https://github.com/dafthack/HostRecon
https://github.com/sensepost/rattler - find vulnerable dlls for preloading attack
https://github.com/WindowsExploits/Exploits
https://github.com/Cybereason/siofra - dll hijack scanner
https://github.com/0xbadjuju/Tokenvator - admin to system
https://github.com/MojtabaTajik/Robber
https://github.com/411Hall/JAWS
https://github.com/GhostPack/SharpUp
https://github.com/GhostPack/Seatbelt
https://github.com/A-mIn3/WINspect
https://github.com/hausec/ADAPE-Script
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/bitsadmin/wesng
https://github.com/rasta-mouse/Watson
https://www.linkedin.com/in/joas-antonio-dos-santos
Windows Privilege Abuse (Privilege Escalation)
https://github.com/gtworek/Priv2Admin - Abuse Windows Privileges
https://github.com/itm4n/UsoDllLoader - load malicious dlls from system32
https://github.com/TsukiCTF/Lovely-Potato - Exploit potatoes with automation
https://github.com/antonioCoco/RogueWinRM - from Service Account to System
https://github.com/antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
https://github.com/itm4n/PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
https://github.com/BeichenDream/BadPotato - itm4ns Printspoofer in C#
https://github.com/itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
Exfiltration
https://github.com/gentilkiwi/mimikatz
https://github.com/GhostPack/SafetyKatz
https://github.com/Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
https://github.com/GhostPack/Rubeus
https://github.com/Arvanaghi/SessionGopher
https://github.com/peewpw/Invoke-WCMDump
https://github.com/tiagorlampert/sAINT
https://github.com/AlessandroZ/LaZagneForensic - remote lazagne
https://github.com/eladshamir/Internal-Monologue
https://github.com/djhohnstein/SharpWeb - Browser Creds gathering
https://github.com/moonD4rk/HackBrowserData - hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser.
https://github.com/mwrlabs/SharpClipHistory - uses the ClipHistory feature to get the last 25 copy/paste actions
https://github.com/outflanknl/Dumpert - dump lsass using direct system calls and API unhooking
https://github.com/b4rtik/SharpMiniDump - Create a minidump of the LSASS process from memory - using Dumpert
https://github.com/b4rtik/ATPMiniDump - Evade WinDefender ATP credential-theft
https://github.com/aas-n/spraykatz - remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction
https://github.com/0x09AL/RdpThief - extract live rdp logins
https://github.com/chrismaddalena/SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.
https://github.com/djhohnstein/SharpChromium - .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.
https://github.com/jfmaes/SharpHandler - This project reuses open handles to lsass to parse or minidump lsass
https://github.com/V1V1/SharpScribbles - ThunderFox for Firefox credentials, StickyNotesExtract for "Notes as passwords"
https://github.com/securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
https://github.com/G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
https://github.com/EncodeGroup/Gopher - C# tool to discover low hanging fruits like SessionGopher
https://github.com/GhostPack/SharpDPAPI - DPAPI Creds via C#
LSASS Dump Without Mimikatz
https://github.com/Hackndo/lsassy
https://github.com/aas-n/spraykatz
https://github.com/b4rtik/SharpKatz - C# porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
Credential harvesting Linux Specific
- https://github.com/huntergregal/mimipenguin
- https://github.com/n1nj4sec/mimipy
- https://github.com/dirtycow/dirtycow.github.io
- https://github.com/mthbernardes/sshLooterC - SSH Credential loot
- https://github.com/blendin/3snake - SSH / Sudo / SU Credential loot
- https://github.com/0xmitsurugi/gimmecredz
- https://github.com/TarlogicSecurity/tickey - Tool to extract Kerberos tickets from Linux kernel keys.
Data Exfiltration - DNS/ICMP/Wifi Exfiltration
- https://github.com/FortyNorthSecurity/Egress-Assess
- https://github.com/p3nt4/Invoke-TmpDavFS
- https://github.com/DhavalKapil/icmptunnel
- https://github.com/iagox86/dnscat2
- https://github.com/Arno0x/DNSExfiltrator
- https://github.com/spieglt/FlyingCarpet - Wifi Exfiltration
- https://github.com/SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP
- https://github.com/sysdream/chashell
- https://github.com/no0be/DNSlivery - Easy files and payloads delivery over DNS
Staging
https://github.com/obscuritylabs/RAI - Rapid Attack Infrastructure (RAI): Red Team Infrastructure... Quick... Fast... Simplified. One of the most tedious phases of a Red Team Operation is usually the infrastructure setup. This usually entails a teamserver or controller, domains, redirectors, and a phishing server.
https://github.com/byt3bl33d3r/Red-Baron - Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
https://github.com/UndeadSec/EvilURL - EvilURL generates unicode evil domains for IDN Homograph Attacks and detects them.
https://github.com/threatexpress/domainhunter - Domain Hunter checks expired domains, Bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names.
https://github.com/mdsecactivebreach/PowerDNS - PowerDNS is a simple proof of concept to demonstrate the execution of a PowerShell script using DNS only.
https://github.com/mdsecactivebreach/Chameleon - Chameleon is a tool for evading proxy categorisation.
https://github.com/Mr-Un1k0d3r/CatMyFish - CatMyFish searches for categorized domains that can be used during a red teaming engagement. Perfect to set up a whitelisted domain for your Cobalt Strike beacon C&C.
https://github.com/rsmudge/Malleable-C2-Profiles - Malleable C2 is a domain specific language to redefine indicators in Beacon's communication.
https://github.com/bluscreenofjeff/Malleable-C2-Randomizer - Malleable-C2-Randomizer randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, hopefully reducing the chances of flagging signature-based detection controls.
https://github.com/rvrsh3ll/FindFrontableDomains - FindFrontableDomains searches for potential frontable domains.
https://github.com/n0pe-sled/Postfix-Server-Setup - Postfix-Server-Setup: setting up a phishing server is a very long and tedious process. It can take hours to set up, and can be compromised in minutes.
https://github.com/vysec/DomainFrontingLists - DomainFrontingLists is a list of domain frontable domains by CDN.
https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup - Apache2-Mod-Rewrite-Setup quickly implements mod_rewrite in your infrastructure.
https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10 - mod_rewrite rule to evade vendor sandboxes.
https://github.com/Und3rf10w/external_c2_framework - external_c2 framework is a Python framework for usage with Cobalt Strike's External C2 (https://www.cobaltstrike.com/).
https://github.com/xx0hcd/Malleable-C2-Profiles - Malleable-C2-Profiles is a collection of profiles used in different projects using Cobalt Strike.
https://github.com/ryhanson/ExternalC2 - ExternalC2 is a library for integrating communication channels with the Cobalt Strike External C2 server.
https://github.com/threatexpress/cs2modrewrite - cs2modrewrite is a tool to convert Cobalt Strike profiles to mod_rewrite scripts.
https://github.com/infosecn1nja/e2modrewrite - e2modrewrite is a tool to convert Empire profiles to Apache mod_rewrite scripts.
https://github.com/taherio/redi - redi is an automated script for setting up Cobalt Strike redirectors (nginx reverse proxy, Let's Encrypt).
https://github.com/audrummer15/cat-sites - cat-sites is a library of sites for categorization.
https://github.com/infosecn1nja/ycsm - ycsm is a quick script installation for a resilient redirector using nginx reverse proxy and Let's Encrypt, compatible with some popular post-exploitation tools (Cobalt Strike, Empire, Metasploit, PoshC2).
https://github.com/redteam-cyberark/Google-Domain-fronting - Domain fronting via Google App Engine.
https://github.com/peewpw/DomainFrontDiscover - DomainFrontDiscover: scripts and results for finding domain frontable CloudFront domains.
https://github.com/bneg/RedTeam-Automation - Automated Empire infrastructure.
https://gist.github.com/jivoi/a33ace2e25515a31aa2ffbae246d98c9 - Serving random payloads with NGINX.
https://github.com/arlolra/meek - meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses.
https://github.com/killswitch-GUI/CobaltStrike-ToolKit - CobaltStrike-ToolKit: some useful scripts for Cobalt Strike.
https://github.com/violentlydave/mkhtaccess_red - mkhtaccess_red auto-generates an .htaccess for payload delivery; it automatically pulls IPs/nets/etc. from known sandbox companies/sources that have been seen before, and redirects them to a benign payload.
https://github.com/outflanknl/RedFile - RedFile is a Flask WSGI application that serves files with intelligence, good for serving conditional red team payloads.
https://github.com/leoloobeek/keyserver - keyserver easily serves HTTP and DNS keys for proper payload protection.
https://github.com/SpiderLabs/DoHC2 - DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations software Cobalt Strike (https://www.cobaltstrike.com).
https://github.com/HiwinCN/HTran - HTran is a connection bouncer, a kind of proxy server. A "listener" program is hacked stealthily onto an unsuspecting host anywhere on the Internet.
Buffer Overflow and Exploit Development
https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
https://github.com/gh0x0st/Buffer_Overflow
https://github.com/freddiebarrsmith/Buffer-Overflow-Exploit-Development-Practice
https://github.com/21y4d/Windows_BufferOverflowx32
https://github.com/johnjhacking/Buffer-Overflow-Guide
https://github.com/npapernot/buffer-overflow-attack
https://github.com/V1n1v131r4/OSCP-Buffer-Overflow
https://github.com/KINGSABRI/BufferOverflow-Kit
https://github.com/FabioBaroni/awesome-exploit-development
https://github.com/Gallopsled/pwntools
https://github.com/hardenedlinux/linux-exploit-development-tutorial
https://github.com/Billy-Ellis/Exploit-Challenges
https://github.com/wtsxDev/Exploit-Development
MindMaps by Joas
https://www.mindmeister.com/pt/1746180947/web-attacks-bug-bounty-and-appsec-by-joas-antonio
https://www.mindmeister.com/pt/1760781948/information-security-certifications-by-joas-antonio
https://www.mindmeister.com/pt/1781013629/the-best-labs-and-ctf-red-team-and-pentest
https://www.mindmeister.com/pt/1746187693/cyber-security-career-knowledge-by-joas-antonio
Lateral Movement
https://github.com/0xthirteen/SharpRDP
https://github.com/0xthirteen/MoveKit
https://github.com/0xthirteen/SharpMove
https://github.com/rvrsh3ll/SharpCOM
https://github.com/malcomvetter/CSExec
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/cube0x0/SharpMapExec
https://github.com/nccgroup/WMIcmd
https://github.com/rasta-mouse/MiscTools
https://github.com/byt3bl33d3r/DeathStar
https://github.com/SpiderLabs/portia
https://github.com/Screetsec/Vegile
https://github.com/DanMcInerney/icebreaker
https://github.com/MooseDojo/apt2
https://github.com/hdm/nextnet
https://github.com/mubix/IOXIDResolver
https://github.com/Hackplayers/evil-winrm
https://github.com/bohops/WSMan-WinRM
https://github.com/dirkjanm/krbrelayx
https://github.com/Mr-Un1k0d3r/SCShell
https://github.com/rvazarkar/GMSAPasswordReader
https://github.com/fdiskyou/hunter
https://github.com/360-Linton-Lab/WMIHACKER
https://github.com/leechristensen/SpoolSample
https://github.com/leftp/SpoolSamplerNET
https://github.com/lexfo/rpc2socks
https://github.com/checkymander/sshiva
https://github.com/dev-2null/ADCollector
POST Exploitation
https://github.com/mubix/post-exploitation
https://github.com/emilyanncr/Windows-Post-Exploitation
https://github.com/nettitude/Invoke-PowerThIEf
https://github.com/ThunderGunExpress/BADministration
https://github.com/bohops/SharpRDPHijack
https://github.com/antonioCoco/RunasCs
https://github.com/klsecservices/Invoke-Vnc
https://github.com/mandatoryprogrammer/CursedChrome
https://github.com/djhohnstein/WireTap
https://github.com/GhostPack/Lockless
https://github.com/infosecn1nja/SharpDoor
Phishing Tools
- https://github.com/hlldz/pickl3
- https://github.com/shantanu561993/SharpLoginPrompt
- https://github.com/Dviros/CredsLeaker
- https://github.com/bitsadmin/fakelogonscreen
- https://github.com/CCob/PinSwipe