
Collection of 100+ tools and resources that can be useful for red teaming activities.
Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.
Warning
The materials in this repository are for informational and educational purposes only. They are not intended for use in any illegal activities.
Tool List
Red Team Tips
Hiding the local admin account @Alh4zr3d
Cripple Windows Defender by deleting signatures @Alh4zr3d
Enable multiple RDP sessions per user @Alh4zr3d
Sysinternals PsExec.exe local alternative @GuhnooPlusLinux
Live off the land port scanner @Alh4zr3d
Proxy aware PowerShell DownloadString @Alh4zr3d
Looking for internal endpoints in browser bookmarks @Alh4zr3d
Query DNS records for enumeration @Alh4zr3d
Unquoted service paths without PowerUp @Alh4zr3d
Bypass a disabled command prompt with /k Martin Sohn Christensen
Stop Windows Defender deleting mimikatz.exe @GuhnooPlusLinux
Check if you are in a virtual machine @dmcxblue
Reconnaissance
crt.sh -> httprobe -> EyeWitness Automated domain screenshotting
jsendpoints Extract page DOM links
nuclei Vulnerability scanner
certSniff Certificate transparency log keyword sniffer
gobuster Website path brute force
dnsrecon Enumerate DNS records
Shodan.io Public facing system knowledge base
AORT (All in One Recon Tool) Subdomain enumeration
spoofcheck SPF/DMARC record checker
AWSBucketDump S3 bucket enumeration
GitHarvester GitHub credential searcher
truffleHog GitHub credential scanner
Dismap Asset discovery/identification
enum4linux Windows/samba enumeration
skanuvaty Dangerously fast dns/network/port scanner
Metabigor OSINT tool without API
Gitrob GitHub sensitive information scanner
gowitness Web screenshot utility using Chrome Headless
Resource Development
Chimera PowerShell obfuscation
msfvenom Payload creation
WSH WSH payload
HTA HTA payload
VBA VBA payload
Initial Access
Bash Bunny USB attack tool
EvilGoPhish Phishing campaign framework
The Social-Engineer Toolkit Phishing campaign framework
Hydra Brute force tool
SquarePhish OAuth/QR code phishing framework
King Phisher Phishing campaign framework
Execution
Responder LLMNR, NBT-NS and MDNS poisoner
secretsdump Remote hash dumper
evil-winrm WinRM shell
Donut In-memory .NET execution
Macro_pack Macro obfuscation
PowerSploit PowerShell script suite
Rubeus Active directory hack tool
SharpUp Windows vulnerability identifier
SQLRecon Offensive MS-SQL toolkit
Persistence
Impacket Python script suite
Empire Post-exploitation framework
SharPersist Windows persistence toolkit
Privilege Escalation
LinPEAS Linux privilege escalation
WinPEAS Windows privilege escalation
linux-smart-enumeration Linux privilege escalation
Certify Active directory privilege escalation
Get-GPPPassword Windows password extraction
Sherlock PowerShell privilege escalation tool
Watson Windows privilege escalation tool
ImpulsiveDLLHijack DLL Hijack tool
ADFSDump AD FS dump tool
Defense Evasion
Invoke-Obfuscation Script obfuscator
Veil Metasploit payload obfuscator
SharpBlock EDR bypass via entry point execution prevention
Alcatraz GUI x64 binary obfuscator
Credential Access
Mimikatz Windows credential extractor
LaZagne Local password extractor
hashcat Password hash cracking
John the Ripper Password hash cracking
SCOMDecrypt SCOM Credential Decryption Tool
nanodump LSASS process minidump creation
eviltree Tree remake for credential discovery
SeeYouCM-Thief Cisco phone systems configuration file parsing
Discovery
PCredz Credential discovery PCAP/live interface
PingCastle Active directory assessor
Seatbelt Local vulnerability scanner
ADRecon Active directory recon
adidnsdump Active Directory Integrated DNS dumping
Lateral Movement
crackmapexec Windows/Active directory lateral movement toolkit
WMIOps WMI remote commands
PowerLessShell Remote PowerShell without PowerShell
PsExec Light-weight telnet-replacement
LiquidSnake Fileless lateral movement
Enabling RDP Windows RDP enable command
Upgrading shell to meterpreter Reverse shell improvement
Forwarding Ports Local port forward command
Jenkins reverse shell Jenkins shell command
ADFSpoof Forge AD FS security tokens
kerbrute A tool to perform Kerberos pre-auth bruteforcing
Collection
BloodHound Active directory visualisation
Snaffler Active directory credential collector
Command and Control
Havoc Command and control framework
Covenant Command and control framework (.NET)
Merlin Command and control framework (Golang)
Metasploit Framework Command and control framework (Ruby)
Pupy Command and control framework (Python)
Brute Ratel Command and control framework ($$$)
Exfiltration
Dnscat2 C2 via DNS tunneling
Cloakify Data transformation for exfiltration
PyExfil Data exfiltration PoC
Powershell RAT Python based backdoor
GD-Thief Google drive exfiltration
Impact
Conti Pentester Guide Leak Conti ransomware group affiliate toolkit
SlowLoris Simple denial of service