Awesome Red Team Ops

https://github.com/S3cur3Th1sSh1t/WinPwn

https://github.com/dafthack/MailSniper

https://github.com/putterpanda/mimikittenz

https://github.com/dafthack/DomainPasswordSpray

https://github.com/mdavis332/DomainPasswordSpray

https://github.com/jnqpblc/SharpSpray

https://github.com/Arvanaghi/SessionGopher

https://github.com/samratashok/nishang

https://github.com/PowerShellMafia/PowerSploit

https://github.com/fdiskyou/PowerOPS

https://github.com/giMini/PowerMemory

https://github.com/Kevin-Robertson/Inveigh

https://github.com/MichaelGrafnetter/DSInternals

https://github.com/PowerShellEmpire/PowerTools

https://github.com/FuzzySecurity/PowerShell-Suite

https://github.com/hlldz/Invoke-Phant0m

https://github.com/leoloobeek/LAPSToolkit

https://github.com/n00py/LAPSDumper

https://github.com/sense-of-security/ADRecon

https://github.com/adrecon/ADRecon

https://github.com/S3cur3Th1sSh1t/Grouper

https://github.com/l0ss/Grouper2

https://github.com/NetSPI/PowerShell

https://github.com/NetSPI/PowerUpSQL

https://github.com/GhostPack

https://github.com/Kevin-Robertson/Powermad

AMSI Bypass

https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell

https://github.com/Flangvik/AMSI.fail

https://github.com/p3nt4/PowerShdll

https://github.com/jaredhaight/PSAttack

https://github.com/Cn33liz/p0wnedShell

https://github.com/cobbr/InsecurePowerShell

https://github.com/bitsadmin/nopowershell

https://github.com/Mr-Un1k0d3r/PowerLessShell

https://github.com/OmerYa/Invisi-Shell

https://github.com/Hackplayers/Salsa-tools

https://github.com/padovah4ck/PSByPassCLM

https://github.com/rasta-mouse/AmsiScanBufferBypass

https://github.com/itm4n/VBA-RunPE

https://github.com/cfalta/PowerShellArmoury

https://github.com/Mr-B0b/SpaceRunner

https://github.com/RythmStick/AMSITrigger

https://github.com/rmdavy/AMSI_Ordinal_Bypass

https://github.com/mgeeky/Stracciatella

https://github.com/med0x2e/NoAmci

https://github.com/rvrsh3ll/NoMSBuild

https://github.com/bohops/UltimateWDACBypassList

https://github.com/jxy-s/herpaderping

https://github.com/Cn33liz/MSBuildShell

Payload Hosting

https://github.com/kgretzky/pwndrop

https://github.com/sc0tfree/updog

Network Share Scanner

https://github.com/SnaffCon/Snaffler

https://github.com/djhohnstein/SharpShares

https://github.com/vivami/SauronEye

https://github.com/leftp/VmdkReader

Reverse Shellz

https://github.com/xct/xc

https://github.com/cytopia/pwncat

https://github.com/Kudaes/LOLBITS

Backdoor Finder

https://github.com/linuz/Sticky-Keys-Slayer

https://github.com/ztgrace/sticky_keys_hunter

https://github.com/countercept/doublepulsar-detection-script

Pivoting

https://github.com/0x36/VPNPivot

https://github.com/securesocketfunneling/ssf

https://github.com/p3nt4/Invoke-SocksProxy

https://github.com/sensepost/reGeorg

https://github.com/hayasec/reGeorg-Weblogic

https://github.com/nccgroup/ABPTTS

https://github.com/RedTeamOperations/PivotSuite

https://github.com/trustedsec/egressbuster

https://github.com/vincentcox/bypass-firewalls-by-DNS-history

https://github.com/shantanu561993/SharpChisel

https://github.com/jpillora/chisel

https://github.com/esrrhs/pingtunnel

https://github.com/sysdream/ligolo

https://github.com/nccgroup/SocksOverRDP

https://github.com/blackarrowsec/mssqlproxy

Persistence on Windows

https://github.com/fireeye/SharPersist

https://github.com/outflanknl/SharpHide

https://github.com/HarmJ0y/DAMP

Framework Discovery

https://github.com/Tuhinshubhra/CMSeeK

https://github.com/Dionach/CMSmap – WordPress, Joomla, Drupal Scanner

https://github.com/wpscanteam/wpscan

https://github.com/Ekultek/WhatWaf

https://github.com/KingOfBugbounty/KingOfBugBountyTips

Framework Scanner / Exploitation

https://github.com/wpscanteam/wpscan – WordPress

https://github.com/n00py/WPForce

https://github.com/m4ll0k/WPSeku

https://github.com/swisskyrepo/Wordpresscan

https://github.com/rastating/wordpress-exploit-framework

https://github.com/coldfusion39/domi-owned – Lotus Domino

https://github.com/droope/droopescan – Drupal

https://github.com/whoot/Typo-Enumerator – Typo3

https://github.com/rezasp/joomscan – Joomla

File / Directory / Parameter discovery

https://github.com/OJ/gobuster

https://github.com/nccgroup/dirble

https://github.com/maK-/parameth

https://github.com/devanshbatham/ParamSpider – Mining parameters from dark corners of Web Archives

https://github.com/s0md3v/Arjun – 💗

https://github.com/Cillian-Collins/dirscraper – Directory lookup from Javascript files

https://github.com/hannob/snallygaster

https://github.com/maurosoria/dirsearch

https://github.com/s0md3v/Breacher – Admin Panel Finder

https://github.com/mazen160/server-status_PWN

https://github.com/helviojunior/turbosearch

Rest API Audit

https://github.com/microsoft/restler-fuzzer – RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

https://github.com/flipkart-incubator/Astra

Windows Privilege Escalation / Audit

https://github.com/itm4n/PrivescCheck – Privilege Escalation Enumeration Script for Windows

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS – powerful Privilege Escalation Check Script with nice output

https://github.com/AlessandroZ/BeRoot

https://github.com/rasta-mouse/Sherlock

https://github.com/hfiref0x/UACME – UAC

https://github.com/rootm0s/WinPwnage – UAC

https://github.com/abatchy17/WindowsExploits

https://github.com/dafthack/HostRecon

https://github.com/sensepost/rattler – find vulnerable dlls for preloading attack

https://github.com/WindowsExploits/Exploits

https://github.com/Cybereason/siofra – dll hijack scanner

https://github.com/0xbadjuju/Tokenvator – admin to system

https://github.com/MojtabaTajik/Robber

https://github.com/411Hall/JAWS

https://github.com/GhostPack/SharpUp

https://github.com/GhostPack/Seatbelt

https://github.com/A-mIn3/WINspect

https://github.com/hausec/ADAPE-Script

https://github.com/SecWiki/windows-kernel-exploits

https://github.com/bitsadmin/wesng

https://github.com/rasta-mouse/Watson

LinkedIn

https://www.linkedin.com/in/joas-antonio-dos-santos

Windows Privilege Abuse (Privilege Escalation)

https://github.com/gtworek/Priv2Admin – Abuse Windows Privileges

https://github.com/itm4n/UsoDllLoader – load malicious dlls from system32

https://github.com/TsukiCTF/Lovely-Potato – Exploit potatoes with automation

https://github.com/antonioCoco/RogueWinRM – from Service Account to System

https://github.com/antonioCoco/RoguePotato – Another Windows Local Privilege Escalation from Service Account to System

https://github.com/itm4n/PrintSpoofer – Abusing Impersonation Privileges on Windows 10 and Server 2019

https://github.com/BeichenDream/BadPotato – itm4n's PrintSpoofer in C#

https://github.com/itm4n/FullPowers – Recover the default privilege set of a LOCAL/NETWORK SERVICE account

Exfiltration

https://github.com/gentilkiwi/mimikatz

https://github.com/GhostPack/SafetyKatz

https://github.com/Flangvik/BetterSafetyKatz – Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.

https://github.com/GhostPack/Rubeus

https://github.com/Arvanaghi/SessionGopher

https://github.com/peewpw/Invoke-WCMDump

https://github.com/tiagorlampert/sAINT

https://github.com/AlessandroZ/LaZagneForensic – remote lazagne

https://github.com/eladshamir/Internal-Monologue

https://github.com/djhohnstein/SharpWeb – Browser Creds gathering

https://github.com/moonD4rk/HackBrowserData – hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser.

https://github.com/mwrlabs/SharpClipHistory – uses the ClipHistory feature to get the last 25 copy-paste actions

https://github.com/outflanknl/Dumpert – dump lsass using direct system calls and API unhooking

https://github.com/b4rtik/SharpMiniDump – Create a minidump of the LSASS process from memory – using Dumpert

https://github.com/b4rtik/ATPMiniDump – Evade WinDefender ATP credential-theft

https://github.com/aas-n/spraykatz – remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction

https://github.com/0x09AL/RdpThief – extract live rdp logins

https://github.com/chrismaddalena/SharpCloud – Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.

https://github.com/djhohnstein/SharpChromium – .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.

https://github.com/jfmaes/SharpHandler – This project reuses open handles to lsass to parse or minidump lsass

https://github.com/V1V1/SharpScribbles – ThunderFox for Firefox Credentials, SitkyNotesExtract for “Notes as passwords”

https://github.com/securesean/DecryptAutoLogon – Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon

https://github.com/G0ldenGunSec/SharpSecDump – .Net port of the remote SAM + LSA Secrets dumping functionality of impacket’s secretsdump.py

https://github.com/EncodeGroup/Gopher – C# tool to discover low hanging fruits like SessionGopher

https://github.com/GhostPack/SharpDPAPI – DPAPI Creds via C#

LSASS Dump Without Mimikatz

https://github.com/Hackndo/lsassy

https://github.com/aas-n/spraykatz

https://github.com/b4rtik/SharpKatz – C# port of the mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands

Credential harvesting Linux Specific

Data Exfiltration – DNS/ICMP/Wifi Exfiltration

Staging

Rapid Attack Infrastructure (RAI): Red Team Infrastructure… Quick… Fast… Simplified. One of the most tedious phases of a Red Team Operation is usually the infrastructure setup. This usually entails a teamserver or controller, domains, redirectors, and a phishing server. https://github.com/obscuritylabs/RAI

Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. https://github.com/byt3bl33d3r/Red-Baron

EvilURL generates Unicode evil domains for IDN homograph attacks and detects them. https://github.com/UndeadSec/EvilURL

Domain Hunter checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names. https://github.com/threatexpress/domainhunter

PowerDNS is a simple proof of concept to demonstrate the execution of PowerShell script using DNS only. https://github.com/mdsecactivebreach/PowerDNS

Chameleon is a tool for evading proxy categorisation. https://github.com/mdsecactivebreach/Chameleon

CatMyFish searches for categorized domains that can be used during a red teaming engagement. Perfect for setting up a whitelisted domain for your Cobalt Strike beacon C&C. https://github.com/Mr-Un1k0d3r/CatMyFish

Malleable C2 is a domain specific language to redefine indicators in Beacon’s communication. https://github.com/rsmudge/Malleable-C2-Profiles

Malleable-C2-Randomizer This script randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, hopefully reducing the chances of flagging signature-based detection controls. https://github.com/bluscreenofjeff/Malleable-C2-Randomizer

FindFrontableDomains searches for potential frontable domains. https://github.com/rvrsh3ll/FindFrontableDomains

Postfix-Server-Setup Setting up a phishing server is a very long and tedious process. It can take hours to setup, and can be compromised in minutes. https://github.com/n0pe-sled/Postfix-Server-Setup

DomainFrontingLists a list of Domain Frontable Domains by CDN. https://github.com/vysec/DomainFrontingLists

Apache2-Mod-Rewrite-Setup Quickly implement Mod-Rewrite in your infrastructure. https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup

mod_rewrite rule to evade vendor sandboxes. https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10

external_c2 framework a python framework for usage with Cobalt Strike’s External C2. https://github.com/Und3rf10w/external_c2_framework

Malleable-C2-Profiles A collection of profiles used in different projects using Cobalt Strike (https://www.cobaltstrike.com/). https://github.com/xx0hcd/Malleable-C2-Profiles

ExternalC2 a library for integrating communication channels with the Cobalt Strike External C2 server. https://github.com/ryhanson/ExternalC2

cs2modrewrite is a tool for converting Cobalt Strike profiles to modrewrite scripts. https://github.com/threatexpress/cs2modrewrite

e2modrewrite is a tool for converting Empire profiles to Apache modrewrite scripts. https://github.com/infosecn1nja/e2modrewrite

redi automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt). https://github.com/taherio/redi

cat-sites Library of sites for categorization. https://github.com/audrummer15/cat-sites

ycsm is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2). https://github.com/infosecn1nja/ycsm

Domain Fronting Google App Engine. https://github.com/redteam-cyberark/Google-Domain-fronting

DomainFrontDiscover Scripts and results for finding domain frontable CloudFront domains. https://github.com/peewpw/DomainFrontDiscover

Automated Empire Infrastructure https://github.com/bneg/RedTeam-Automation

Serving Random Payloads with NGINX. https://gist.github.com/jivoi/a33ace2e25515a31aa2ffbae246d98c9

meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. https://github.com/arlolra/meek

CobaltStrike-ToolKit Some useful scripts for CobaltStrike. https://github.com/killswitch-GUI/CobaltStrike-ToolKit

mkhtaccess_red Auto-generate an HTaccess for payload delivery — automatically pulls ips/nets/etc from known sandbox companies/sources that have been seen before, and redirects them to a benign payload. https://github.com/violentlydave/mkhtaccess_red

RedFile a flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads. https://github.com/outflanknl/RedFile

keyserver Easily serve HTTP and DNS keys for proper payload protection. https://github.com/leoloobeek/keyserver

DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike (https://www.cobaltstrike.com). https://github.com/SpiderLabs/DoHC2

HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet. https://github.com/HiwinCN/HTran

Buffer Overflow and Exploit Development

https://github.com/CyberSecurityUP/Buffer-Overflow-Labs

https://github.com/gh0x0st/Buffer_Overflow

https://github.com/freddiebarrsmith/Buffer-Overflow-Exploit-Development-Practice

https://github.com/21y4d/Windows_BufferOverflowx32

https://github.com/johnjhacking/Buffer-Overflow-Guide

https://github.com/npapernot/buffer-overflow-attack

https://github.com/V1n1v131r4/OSCP-Buffer-Overflow

https://github.com/KINGSABRI/BufferOverflow-Kit

https://github.com/FabioBaroni/awesome-exploit-development

https://github.com/Gallopsled/pwntools

https://github.com/hardenedlinux/linux-exploit-development-tutorial

https://github.com/Billy-Ellis/Exploit-Challenges

https://github.com/wtsxDev/Exploit-Development

MindMaps by Joas

https://www.mindmeister.com/pt/1746180947/web-attacks-bug-bounty-and-appsec-by-joas-antonio

https://www.mindmeister.com/pt/1760781948/information-security-certifications-by-joas-antonio

https://www.mindmeister.com/pt/1781013629/the-best-labs-and-ctf-red-team-and-pentest

https://www.mindmeister.com/pt/1746187693/cyber-security-career-knowledge-by-joas-antonio

Lateral Movement

https://github.com/0xthirteen/SharpRDP

https://github.com/0xthirteen/MoveKit

https://github.com/0xthirteen/SharpMove

https://github.com/rvrsh3ll/SharpCOM

https://github.com/malcomvetter/CSExec

https://github.com/byt3bl33d3r/CrackMapExec

https://github.com/cube0x0/SharpMapExec

https://github.com/nccgroup/WMIcmd

https://github.com/rasta-mouse/MiscTools

https://github.com/byt3bl33d3r/DeathStar

https://github.com/SpiderLabs/portia

https://github.com/Screetsec/Vegile

https://github.com/DanMcInerney/icebreaker

https://github.com/MooseDojo/apt2

https://github.com/hdm/nextnet

https://github.com/mubix/IOXIDResolver

https://github.com/Hackplayers/evil-winrm

https://github.com/bohops/WSMan-WinRM

https://github.com/dirkjanm/krbrelayx

https://github.com/Mr-Un1k0d3r/SCShell

https://github.com/rvazarkar/GMSAPasswordReader

https://github.com/fdiskyou/hunter

https://github.com/360-Linton-Lab/WMIHACKER

https://github.com/leechristensen/SpoolSample

https://github.com/leftp/SpoolSamplerNET

https://github.com/lexfo/rpc2socks

https://github.com/checkymander/sshiva

https://github.com/dev-2null/ADCollector

POST Exploitation

https://github.com/mubix/post-exploitation

https://github.com/emilyanncr/Windows-Post-Exploitation

https://github.com/nettitude/Invoke-PowerThIEf

https://github.com/ThunderGunExpress/BADministration

https://github.com/bohops/SharpRDPHijack

https://github.com/antonioCoco/RunasCs

https://github.com/klsecservices/Invoke-Vnc

https://github.com/mandatoryprogrammer/CursedChrome

https://github.com/djhohnstein/WireTap

https://github.com/GhostPack/Lockless

https://github.com/infosecn1nja/SharpDoor

Phishing Tools

Wrapper for various tools

https://github.com/bohops/GhostBuild

https://github.com/S3cur3Th1sSh1t/PowerSharpPack

https://github.com/rvrsh3ll/Rubeus-Rundll32

https://github.com/checkymander/Zolom

Active Directory Audit and exploit tools

https://github.com/mwrlabs/SharpGPOAbuse

https://github.com/BloodHoundAD/BloodHound

https://github.com/BloodHoundAD/SharpHound3

https://github.com/chryzsh/awesome-bloodhound

https://github.com/hausec/Bloodhound-Custom-Queries

https://github.com/CompassSecurity/BloodHoundQueries

https://github.com/vletoux/pingcastle

https://github.com/cyberark/ACLight

https://github.com/canix1/ADACLScanner

https://github.com/fox-it/Invoke-ACLPwn

https://github.com/NinjaStyle82/rbcd_permissions

https://github.com/NotMedic/NetNTLMtoSilverTicket

https://github.com/dirkjanm/ldapdomaindump

Web Vulnerability Scanner / Burp Plugins

https://github.com/m4ll0k/WAScan – all in one scanner

https://github.com/s0md3v/XSStrike – XSS discovery

https://github.com/federicodotta/Java-Deserialization-Scanner

https://github.com/d3vilbug/HackBar

https://github.com/gyoisamurai/GyoiThon

https://github.com/snoopysecurity/awesome-burp-extensions

https://github.com/sting8k/BurpSuite_403Bypasser – Burpsuite Extension to bypass 403 restricted directory

https://github.com/BishopFox/GadgetProbe

Web Exploitation Tools

https://github.com/OsandaMalith/LFiFreak – lfi

https://github.com/enjoiz/XXEinjector – xxe

https://github.com/tennc/webshell – shellz

https://github.com/flozz/p0wny-shell

https://github.com/epinna/tplmap – ssti

https://github.com/orf/xcat – xpath injection

https://github.com/almandin/fuxploider – File Uploads

https://github.com/nccgroup/freddy – deserialization

https://github.com/irsdl/IIS-ShortName-Scanner – IIS Short Filename Vuln. exploitation

https://github.com/frohoff/ysoserial – Deserialize Java Exploitation

https://github.com/pwntester/ysoserial.net – Deserialize .NET Exploitation

https://github.com/internetwache/GitTools – Exploit .git Folder Existence

https://github.com/cujanovic/SSRF-Testing – SSRF Tutorials

https://github.com/ambionics/phpggc – PHP Unserialize Payload generator

https://github.com/BuffaloWill/oxml_xxe – Malicious Office XXE payload generator

https://github.com/tijme/angularjs-csti-scanner – Angularjs Csti Scanner

https://github.com/0xacb/viewgen – Deserialize .NET Viewstates

https://github.com/Illuminopi/RCEvil.NET – Deserialize .NET Viewstates

Linux Privilege Escalation / Audit

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS – powerful Privilege Escalation Check Script with nice output

https://github.com/mzet-/linux-exploit-suggester

https://github.com/rebootuser/LinEnum

https://github.com/diego-treitos/linux-smart-enumeration

https://github.com/CISOfy/lynis

https://github.com/AlessandroZ/BeRoot

https://github.com/future-architect/vuls

https://github.com/ngalongc/AutoLocalPrivilegeEscalation

https://github.com/b3rito/yodo

https://github.com/belane/linux-soft-exploit-suggester – lookup vulnerable installed software

https://github.com/sevagas/swap_digger

https://github.com/NullArray/RootHelper

https://github.com/NullArray/MIDA-Multitool

https://github.com/initstring/dirty_sock

https://github.com/jondonas/linux-exploit-suggester-2

https://github.com/sosdave/KeyTabExtract

https://github.com/DominicBreuker/pspy

https://github.com/itsKindred/modDetective

https://github.com/nongiach/sudo_inject

https://github.com/Anon-Exploiter/SUID3NUM – find suid bins and look them up under gtfobins / exploitable or not

https://github.com/nccgroup/GTFOBLookup – Offline GTFOBins

https://github.com/TH3xACE/SUDO_KILLER – sudo misconfiguration exploitation

https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py

https://github.com/inquisb/unix-privesc-check

https://github.com/hc0d3r/tas – easily manipulate the tty and create fake binaries

https://github.com/SecWiki/linux-kernel-exploits

https://github.com/initstring/uptux

https://github.com/andrew-d/static-binaries – not really privesc but helpful

Command and Control

Cobalt Strike is software for Adversary Simulations and Red Team Operations. https://cobaltstrike.com/

Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. https://github.com/EmpireProject/Empire

Metasploit Framework is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. https://github.com/rapid7/metasploit-framework

SILENTTRINITY A post-exploitation agent powered by Python, IronPython, C#/.NET. https://github.com/byt3bl33d3r/SILENTTRINITY

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python. https://github.com/n1nj4sec/pupy

Koadic or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. https://github.com/zerosum0x0/koadic

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. https://github.com/nettitude/PoshC2_Python

Gcat a stealthy Python based backdoor that uses Gmail as a command and control server. https://github.com/byt3bl33d3r/gcat

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution. https://github.com/trustedsec/trevorc2

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. https://github.com/Ne0nd0g/merlin

Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. https://github.com/quasar/QuasarRAT

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. https://github.com/cobbr/Covenant

FactionC2 is a C2 framework which uses a websockets-based API that allows for interacting with agents and transports. https://github.com/FactionC2/

DNScat2 is a tool designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. https://github.com/iagox86/dnscat2

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. https://github.com/BishopFox/sliver

EvilOSX An evil RAT (Remote Administration Tool) for macOS / OS X. https://github.com/Marten4n6/EvilOSX

EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. https://github.com/neoneggplant/EggShell

Adversary Emulation

MITRE CALDERA – An automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. https://github.com/mitre/caldera

APTSimulator – A Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. https://github.com/NextronSystems/APTSimulator

Atomic Red Team – Small and highly portable detection tests mapped to the Mitre ATT&CK Framework. https://github.com/redcanaryco/atomic-red-team

Network Flight Simulator – flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. https://github.com/alphasoc/flightsim

Metta – A security preparedness tool to do adversarial simulation. https://github.com/uber-common/metta

Red Team Automation (RTA) – RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. https://github.com/endgameinc/RTA

Repositories

https://github.com/infosecn1nja/Red-Teaming-Toolkit

https://github.com/S3cur3Th1sSh1t/Pentest-Tools

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

https://github.com/enaqx/awesome-pentest

https://github.com/Muhammd/Awesome-Pentest

https://github.com/CyberSecurityUP/Awesome-PenTest-Practice

https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

https://github.com/0x4D31/awesome-oscp

https://github.com/six2dez/OSCP-Human-Guide

https://github.com/RustyShackleford221/OSCP-Prep

https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md

Malware Analysis and Reverse Engineering

https://github.com/rshipp/awesome-malware-analysis

https://github.com/topics/malware-analysis

https://github.com/Apress/malware-analysis-detection-engineering

https://github.com/SpiderLabs/malware-analysis

https://github.com/ytisf/theZoo

https://github.com/arxlan786/Malware-Analysis

https://github.com/nheijmans/malzoo

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

https://github.com/secrary/SSMA

https://github.com/merces/aleph

https://github.com/mentebinaria/retoolkit

https://github.com/mytechnotalent/Reverse-Engineering

https://github.com/wtsxDev/reverse-engineering

https://github.com/topics/reverse-engineering

https://github.com/0xZ0F/Z0FCourse_ReverseEngineering

https://github.com/NationalSecurityAgency/ghidra

https://github.com/hax0rtahm1d/Reverse-Engineering

https://github.com/tylerha97/awesome-reversing