This is a collection of red teaming tools that will help in red team engagements. The list is not complete, so i will keep updating it!
Reconnaissance
These tools are used to gather information passively or actively.
| Tools Name | Descriptions |
|---|---|
| Nmap | Port/Service/Vulnerability Scanner |
| DnsRecon, Amass | DNS Enumeration Tool |
| Nikto | Website Misconfiguration Finder |
| Burp Suite Pro | Web Analyzing Semi-auto Tool |
| theHarvester | Find sub-domain, email address and employee info |
| Metgoofil | Extract pdf,doc,xls, etc |
| SpiderFoot | Open-source Information Gathering framework |
| Recon-ng | Open-source Information Gathering framework |
Weaponization & Initial Foothold
Cracking Password
Password attacking tools for initial footholds
| Tools Name | Descriptions |
|---|---|
| CUPP | Common User Passwords Profiler |
| CeWL | Custom Word List generator |
| Ruler | Exchange Server Password Spraying |
| Hydra | Password Brute Forcer can be used for Password Spraying too |
| Hashcat | Offline hash cracking tool |
Payload Development
Useful tools to develop payloads!
| Tools Name | Descriptions |
|---|---|
| Unicorn | Payload Creation Tools for Microsoft Office |
| Office-DDE-Payloads | Collection of scripts and templates to generate Word and Excel documents embedded with the DDE, macro-less command execution technique |
| The Social-Engineer Toolkit | Open-source social engineering framework |
| DotNetToJScript | Convert .Net App to Javascript |
| Meta Twin | File resource cloner |
| SharpShooter | Payload creation framework |
| Invoke-Obfuscation | Powershell script Obfuscation tool. |
| EmbedInHTML | Hide file in HTML |
| macro_pack | Payload Creation tool(Pro for advanced feature like AV evasion) |
| BeEF | Browser Exploitation Framework(XSS) |
| ScareCrow | ScareCrow is a payload creation framework |
| IVY | Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code in memory. |
| charlotte | c++ fully undetected shellcode launcher |
| Offensive-VBA | VBA script collection |
Payload Delivery
Some tools to deliver your payloads.
| Tools Name | Descriptions |
|---|---|
| Gophish | Open-sources phishing Toolkit |
| King-Phisher | Phishing Toolkit |
| FiercePhish | FiercePhish is a full-fledged phishing framework to manage all phishing engagements. |
Command & Control
The C2 framework, where you receive your reverse connection.
| Tools Name | Descriptions |
|---|---|
| Poshc2 | Proxy aware C2 Framework |
| Empire | Empire 4 is a post-exploitation framework that includes a pure-PowerShell Windows agents, Python 3.x Linux/OS X agents, and C# agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. |
| Merlin | Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. |
| MSF | Open-source Pentesting framework can be used as C2 |
| Cobalt Strike | Popular paid command and control software |
AD & Lateral Movement
Helpful tools to move one computer to another.
| Tools Name | Descriptions |
|---|---|
| PowerView | Active Directory Recon Tool |
| PowerUpSQL | SQL Server Attacking tool |
| Sharphound,Bloodhound | Active Directory Recon Tool |
| Responder | LLMNR, NBT-NS and MDNS poisoner |
| Impacket | Collection of python scripts |
| Mimikatz | Password Dumping and Lateral Movement tool |
| CrackMapExec | This is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. |
| MoveKit | Cobalt Strike kit for Lateral Movement |
Escalation
If you need to escalate the privilege, these tools can be helpful
| Tools Name | Descriptions |
|---|---|
| Sherlock | Powershell script to find local exploits |
| PowerUp | Powershell script to find local exploits |
| Winpeas | Windows Priv Escalation Scripts |
| linPEAS | Linux Priv Escalation Scripts |
| LSE | Another Linux Priv Escalation Script |
| Rubeus | Kerberos Abuse tool |
| AD ACL Scanner | Powershell script that report DACLs and SACLs |
| Seatbelt | Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” |
| ElevateKit | Cobalt Strike Kit for Priv Escalation |
Persistence
To be continue
Exfiltration
To be continue
Note: This document is not complete yet. I will update soon!