Attack simulation tool based on CVE

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/redteamsec

  • atomic-red-team

    Small and highly portable detection tests based on MITRE's ATT&CK.

    A lot of tools exist for testing, and it depends on what you want to test for which is the right thing. MITRE Atomic Red Team, for example, will test via PowerShell on a SOE (https://github.com/redcanaryco/atomic-red-team) and includes payloads that it calls over the network from GitHub, for example.

  • nuclei-templates

    Community curated list of templates for the nuclei engine to find security vulnerabilities.

    Nmap can run scripts that trigger NIPS, as does Nuclei: https://nmap.org/ & https://github.com/projectdiscovery/nuclei. You can look at a list of vuln scanners here: https://owasp.org/www-community/Vulnerability_Scanning_Tools. Nessus would be a common one to look at for Enterprise. Rapid7, Qualys.

  • caldera

    Automated Adversary Emulation Platform

  • caldera_pathfinder

    Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
