This is a collection of red teaming tools that will help in red team engagements. The list is not complete, so I will keep updating it!
Reconnaissance
These tools are used to gather information passively or actively.

| Tools Name | Descriptions |
|---|---|
| Nmap | Port/service/vulnerability scanner |
| DNSRecon, Amass | DNS enumeration tools |
| Nikto | Website misconfiguration finder |
| Burp Suite Pro | Semi-automated web analysis tool |
| theHarvester | Finds sub-domains, email addresses and employee info |
| Metagoofil | Extracts metadata from public documents (pdf, doc, xls, etc.) |
| SpiderFoot | Open-source information gathering framework |
| Recon-ng | Open-source information gathering framework |

Weaponization & Initial Foothold
Password Cracking
Password attack tools for gaining an initial foothold.

| Tools Name | Descriptions |
|---|---|
| CUPP | Common User Passwords Profiler |
| CeWL | Custom word list generator |
| Ruler | Exchange Server password spraying |
| Hydra | Password brute-forcer; can also be used for password spraying |
| Hashcat | Offline hash cracking tool |

Payload Development
Useful tools to develop payloads!

| Tools Name | Descriptions |
|---|---|
| Unicorn | Payload creation tool for Microsoft Office |
| Office-DDE-Payloads | Collection of scripts and templates to generate Word and Excel documents embedded with the DDE macro-less command execution technique |
| The Social-Engineer Toolkit | Open-source social engineering framework |
| DotNetToJScript | Converts a .NET assembly into JScript |
| Meta Twin | File resource cloner |
| SharpShooter | Payload creation framework |
| Invoke-Obfuscation | PowerShell script obfuscation tool |
| EmbedInHTML | Hides a file in HTML |
| macro_pack | Payload creation tool (Pro version for advanced features such as AV evasion) |
| BeEF | Browser Exploitation Framework (XSS) |
| ScareCrow | Payload creation framework |
| Ivy | Payload creation framework for the execution of arbitrary VBA (macro) source code in memory |
| charlotte | C++ fully undetected shellcode launcher |
| Offensive-VBA | VBA script collection |

Payload Delivery
Some tools to deliver your payloads.

| Tools Name | Descriptions |
|---|---|
| Gophish | Open-source phishing toolkit |
| King-Phisher | Phishing toolkit |
| FiercePhish | Full-fledged phishing framework for managing all phishing engagements |

Command & Control
The C2 frameworks, where you receive the reverse connections from your implants.

| Tools Name | Descriptions |
|---|---|
| PoshC2 | Proxy-aware C2 framework |
| Empire | Empire 4 is a post-exploitation framework that includes a pure-PowerShell Windows agent, Python 3.x Linux/OS X agents, and C# agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. |
| Merlin | Cross-platform post-exploitation command and control server and agent written in Go |
| MSF | Open-source pentesting framework that can also be used as a C2 |
| Cobalt Strike | Popular paid command and control software |

AD & Lateral Movement
Helpful tools for moving from one computer to another.

| Tools Name | Descriptions |
|---|---|
| PowerView | Active Directory recon tool |
| PowerUpSQL | SQL Server attack tool |
| SharpHound, BloodHound | Active Directory recon tools |
| Responder | LLMNR, NBT-NS and mDNS poisoner |
| Impacket | Collection of Python network-protocol scripts |
| Mimikatz | Password dumping and lateral movement tool |
| CrackMapExec | Post-exploitation tool that helps automate assessing the security of large Active Directory networks |
| MoveKit | Cobalt Strike kit for lateral movement |

Escalation
If you need to escalate privileges, these tools can be helpful.

| Tools Name | Descriptions |
|---|---|
| Sherlock | PowerShell script to find local exploits |
| PowerUp | PowerShell script to find local exploits |
| WinPEAS | Windows privilege escalation script |
| linPEAS | Linux privilege escalation script |
| LSE | Another Linux privilege escalation script |
| Rubeus | Kerberos abuse tool |
| AD ACL Scanner | PowerShell script that reports DACLs and SACLs |
| Seatbelt | C# project that performs a number of security-oriented host-survey "safety checks" |
| ElevateKit | Cobalt Strike kit for privilege escalation |

Persistence
To be continued
Exfiltration
To be continued
Note: This document is not complete yet. I will update soon!