https://github.com/Dionach/CMSmap - Wordpress, Joomla, Drupal Scanner
https://github.com/wpscanteam/wpscan - wordpress
https://github.com/m4ll0k/WPSeku https://github.com/swisskyrepo/Wordpresscan
https://github.com/coldfusion39/domi-owned - lotus domino
https://github.com/rezasp/joomscan - Joomla
https://github.com/devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives
https://github.com/Cillian-Collins/dirscraper - Directory lookup from Javascript files
https://github.com/s0md3v/Breacher - Admin Panel Finder
https://github.com/microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
https://github.com/itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS - powerfull Privilege Escalation Check Script with nice output
https://github.com/sensepost/rattler - find vulnerable dlls for preloading attack
https://github.com/Cybereason/siofra - dll hijack scanner
https://github.com/0xbadjuju/Tokenvator - admin to system
https://github.com/gtworek/Priv2Admin - Abuse Windows Privileges
https://github.com/itm4n/UsoDllLoader - load malicious dlls from system32
https://github.com/TsukiCTF/Lovely-Potato - Exploit potatoes with automation
https://github.com/antonioCoco/RogueWinRM - from Service Account to System
https://github.com/antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
https://github.com/itm4n/PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
https://github.com/BeichenDream/BadPotato - itm4ns Printspoofer in C#
https://github.com/itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
https://github.com/Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
https://github.com/AlessandroZ/LaZagneForensic - remote lazagne
https://github.com/djhohnstein/SharpWeb - Browser Creds gathering
https://github.com/moonD4rk/HackBrowserData - hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser.
https://github.com/mwrlabs/SharpClipHistory - ClipHistory feature get the last 25 copy paste actions
https://github.com/outflanknl/Dumpert - dump lsass using direct system calls and API unhooking
https://github.com/b4rtik/SharpMiniDump - Create a minidump of the LSASS process from memory - using Dumpert
https://github.com/b4rtik/ATPMiniDump - Evade WinDefender ATP credential-theft
https://github.com/aas-n/spraykatz - remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction
https://github.com/0x09AL/RdpThief - extract live rdp logins
https://github.com/chrismaddalena/SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.
https://github.com/djhohnstein/SharpChromium - .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.
https://github.com/jfmaes/SharpHandler - This project reuses open handles to lsass to parse or minidump lsass
https://github.com/V1V1/SharpScribbles - ThunderFox for Firefox Credentials, SitkyNotesExtract for "Notes as passwords"
https://github.com/securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
https://github.com/G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
https://github.com/EncodeGroup/Gopher - C# tool to discover low hanging fruits like SessionGopher
https://github.com/GhostPack/SharpDPAPI - DPAPI Creds via C#
LSASS Dump Without Mimikatz
https://github.com/b4rtik/SharpKatz - C# porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
Credential harvesting Linux Specific
https://github.com/mthbernardes/sshLooterC - SSH Credential loot
https://github.com/blendin/3snake - SSH / Sudo / SU Credential loot
https://github.com/TarlogicSecurity/tickey - Tool to extract Kerberos tickets from Linux kernel keys.
Data Exfiltration - DNS/ICMP/Wifi Exfiltration
https://github.com/spieglt/FlyingCarpet - Wifi Exfiltration
https://github.com/SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP
https://github.com/no0be/DNSlivery - Easy files and payloads delivery over DNS
Rapid Attack Infrastructure (RAI) Red Team Infrastructure... Quick... Fast... Simplified One of the most tedious phases of a Red Team Operation is usually the infrastructure setup. This usually entails a teamserver or controller, domains, redirectors, and a Phishing server. https://github.com/obscuritylabs/RAI
Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. https://github.com/byt3bl33d3r/Red-Baron
EvilURL generate unicode evil domains for IDN Homograph Attack and detect them. https://github.com/UndeadSec/EvilURL
Domain Hunter checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names. https://github.com/threatexpress/domainhunter
PowerDNS is a simple proof of concept to demonstrate the execution of PowerShell script using DNS only. https://github.com/mdsecactivebreach/PowerDNS
Chameleon a tool for evading Proxy categorisation. https://github.com/mdsecactivebreach/Chameleon
CatMyFish Search for categorized domain that can be used during red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. https://github.com/Mr-Un1k0d3r/CatMyFish
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. https://github.com/rsmudge/Malleable-C2-Profiles
Malleable-C2-Randomizer This script randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, hopefully reducing the chances of flagging signature-based detection controls. https://github.com/bluscreenofjeff/Malleable-C2-Randomizer
FindFrontableDomains search for potential frontable domains. https://github.com/rvrsh3ll/FindFrontableDomains
Postfix-Server-Setup Setting up a phishing server is a very long and tedious process. It can take hours to setup, and can be compromised in minutes. https://github.com/n0pe-sled/Postfix-Server-Setup
DomainFrontingLists a list of Domain Frontable Domains by CDN. https://github.com/vysec/DomainFrontingLists
Apache2-Mod-Rewrite-Setup Quickly Implement Mod-Rewrite in your infastructure. https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup
mod_rewrite rule to evade vendor sandboxes. https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10
external_c2 framework a python framework for usage with Cobalt Strike's External C2. https://github.com/Und3rf10w/external_c2_framework
Malleable-C2-Profiles A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/. https://github.com/xx0hcd/Malleable-C2-Profiles
ExternalC2 a library for integrating communication channels with the Cobalt Strike External C2 server. https://github.com/ryhanson/ExternalC2
cs2modrewrite a tools for convert Cobalt Strike profiles to modrewrite scripts. https://github.com/threatexpress/cs2modrewrite
e2modrewrite a tools for convert Empire profiles to Apache modrewrite scripts. https://github.com/infosecn1nja/e2modrewrite
redi automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt). https://github.com/taherio/redi
cat-sites Library of sites for categorization. https://github.com/audrummer15/cat-sites
ycsm is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2). https://github.com/infosecn1nja/ycsm
Domain Fronting Google App Engine. https://github.com/redteam-cyberark/Google-Domain-fronting
DomainFrontDiscover Scripts and results for finding domain frontable CloudFront domains. https://github.com/peewpw/DomainFrontDiscover
Automated Empire Infrastructure https://github.com/bneg/RedTeam-Automation
Serving Random Payloads with NGINX. https://gist.github.com/jivoi/a33ace2e25515a31aa2ffbae246d98c9
meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. https://github.com/arlolra/meek
CobaltStrike-ToolKit Some useful scripts for CobaltStrike. https://github.com/killswitch-GUI/CobaltStrike-ToolKit
mkhtaccess_red Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been seen before, and redirects them to a benign payload. https://github.com/violentlydave/mkhtaccess_red
RedFile a flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads. https://github.com/outflanknl/RedFile
keyserver Easily serve HTTP and DNS keys for proper payload protection. https://github.com/leoloobeek/keyserver
DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike (https://www.cobaltstrike.com). https://github.com/SpiderLabs/DoHC2
HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet. https://github.com/HiwinCN/HTran
Phishing Tools
https://github.com/m4ll0k/WAScan - all in one scanner
https://github.com/s0md3v/XSStrike - XSS discovery
https://github.com/sting8k/BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory
https://github.com/tennc/webshell - shellz
https://github.com/orf/xcat - xpath injection
https://github.com/almandin/fuxploider - File Uploads
https://github.com/nccgroup/freddy - deserialization
https://github.com/irsdl/IIS-ShortName-Scanner - IIS Short Filename Vuln. exploitation
https://github.com/frohoff/ysoserial - Deserialize Java Exploitation
https://github.com/pwntester/ysoserial.net - Deserialize .NET Exploitation
https://github.com/internetwache/GitTools - Exploit .git Folder Existence
https://github.com/cujanovic/SSRF-Testing - SSRF Tutorials
https://github.com/ambionics/phpggc - PHP Unserialize Payload generator
https://github.com/BuffaloWill/oxml_xxe - Malicious Office XXE payload generator
https://github.com/tijme/angularjs-csti-scanner - Angularjs Csti Scanner
https://github.com/0xacb/viewgen - Deserialize .NET Viewstates
https://github.com/Illuminopi/RCEvil.NET - Deserialize .NET Viewstates
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS - powerfull Privilege Escalation Check Script with nice output
https://github.com/belane/linux-soft-exploit-suggester - lookup vulnerable installed software
https://github.com/Anon-Exploiter/SUID3NUM - find suid bins and look them up under gtfobins / exploitable or not
https://github.com/nccgroup/GTFOBLookup - Offline GTFOBins
https://github.com/TH3xACE/SUDO_KILLER - sudo misconfiguration exploitation
https://github.com/hc0d3r/tas - easily manipulate the tty and create fake binaries
https://github.com/andrew-d/static-binaries - not really privesc but helpfull
Cobalt Strike is software for Adversary Simulations and Red Team Operations. https://cobaltstrike.com/
Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. https://github.com/EmpireProject/Empire
Metasploit Framework is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. https://github.com/rapid7/metasploit-framework
SILENTTRINITY A post-exploitation agent powered by Python, IronPython, C#/.NET. https://github.com/byt3bl33d3r/SILENTTRINITY
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python. https://github.com/n1nj4sec/pupy
Koadic or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. https://github.com/zerosum0x0/koadic
PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. https://github.com/nettitude/PoshC2_Python
Gcat a stealthy Python based backdoor that uses Gmail as a command and control server. https://github.com/byt3bl33d3r/gcat
TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution. https://github.com/trustedsec/trevorc2
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. https://github.com/Ne0nd0g/merlin
Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. https://github.com/quasar/QuasarRAT
Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. https://github.com/cobbr/Covenant
FactionC2 is a C2 framework which use websockets based API that allows for interacting with agents and transports. https://github.com/FactionC2/
DNScat2 is a tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. https://github.com/iagox86/dnscat2
Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. https://github.com/BishopFox/sliver
EvilOSX An evil RAT (Remote Administration Tool) for macOS / OS X. https://github.com/Marten4n6/EvilOSX
EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. https://github.com/neoneggplant/EggShell
MITRE CALDERA - An automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. https://github.com/mitre/caldera
APTSimulator - A Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. https://github.com/NextronSystems/APTSimulator
Atomic Red Team - Small and highly portable detection tests mapped to the Mitre ATT&CK Framework. https://github.com/redcanaryco/atomic-red-team
Network Flight Simulator - flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. https://github.com/alphasoc/flightsim
Metta - A security preparedness tool to do adversarial simulation. https://github.com/uber-common/metta
Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. https://github.com/endgameinc/RTA