Top 23 offensive-security Open-Source Projects

• DefaultCreds-cheat-sheet

  2 5,269 7.4 Python

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

• RedTeaming-Tactics-and-Techniques

  1 3,816 4.3 PowerShell

  Red Teaming Tactics and Techniques

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• Villain

  2 3,561 7.7 Python

  Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

• OSCP-Exam-Report-Template-Markdown

  21 3,289 4.6 Ruby

  :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

Project mention: Exam Complete -- Got enough points but am worried about the report. | /r/oscp | 2023-07-05

Thank you! Yes, I used https://github.com/noraj/OSCP-Exam-Report-Template-Markdown and included vulnerability details, as well as how to fix the vulnerability and it got lengthy which I think was unnecessary, but I tried to make it nice and be thorough. I probably should've put more time in trying to fix the other issues I had but oh well.

• black-hat-rust

  48 3,044 4.3 Rust

  Applied offensive security with Rust - https://kerkour.com/black-hat-rust

  

Project mention: Cloudflare for Speed and Security | /r/CloudFlare | 2023-10-20

Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!

• Raccoon

  4 2,993 0.0 Python

  A high performance offensive security tool for reconnaissance and vulnerability scanning

• awesome-oscp

  1 2,389 3.3

  A curated list of awesome OSCP resources

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• ligolo-ng

  5 2,112 6.2 Go

  An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

  

Project mention: Actual SSH over HTTPS | news.ycombinator.com | 2023-12-23

I learned about chisel in PEN-200 / preparing for the OSCP.

Then I learned about, Ligolo-ng [1] which is a game-changer. I highly recommend checking it out. It is most applicable to a penetration test. It uses TLS so I'm not sure it could be used to address the issue mentioned in the article.

[1] https://github.com/nicocha30/ligolo-ng

• Reconnoitre

  2 2,065 0.0 Python

  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

• Awesome-Cybersecurity-Handbooks

  9 2,058 9.8

  A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

Project mention: Cybersecurity Handbooks | /r/cybernewsroom | 2023-08-12

Link: https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks

• Keylogger

  2 1,923 2.6 Python

  Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail. (by aydinnyunus)

Project mention: Is it possible my phone is spied upon | /r/techsupport | 2023-07-10

• rapidscan

  1 1,649 4.1 Python

  :new: The Multi-Tool Web Vulnerability Scanner.

  

• pentest

  1 1,442 10.0 Python

  :no_entry: offsec batteries included (by jivoi)

• Digital-Forensics-Guide

  6 1,335 6.4 Python

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide

• Chimera

  3 1,260 0.0 PowerShell

  Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

• 007-TheBond

  4 1,030 6.6 Python

  This Script will help you to gather information about your victim or friend.

• BlackMamba

  1 990 0.0 Python

  C2/post-exploitation framework

• OSCP-Exam-Report-Template

  9 913 0.0

  Modified template for the OSCP Exam and Labs. Used during my passing attempt

Project mention: Passing the OSCP in 8 hours(as a high school student) | /r/oscp | 2023-07-02

I had never done any formal pentesting reports like this one, so I kind of learned it on the fly. The whoisflynn template came in clutch for me, since I just had to follow the instructions laid out and copy paste whatever I needed to. Don’t underestimate this part of the exam, and do some planning beforehand to make sure you’re comfortable and have enough time. There isn’t an upper limit to detail in the report, and I was sure I was very detailed in my writeups.

• Open-Source-Security-Guide

  23 846 6.4 Go

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

• PsMapExec

  1 651 9.3 PowerShell

  A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec

Project mention: PsMapExec - Active Directory and Windows Lateral Movement | /r/Infosec | 2023-10-21

• GTFONow

  1 489 6.4 Python

  Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

• oscp-pre-preparation-plan-and-notes

  6 463 10.0

  My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21st March 2022]

• Chimera

  1 422 8.5 Python

  Automated DLL Sideloading Tool With EDR Evasion Capabilities (by georgesotiriadis)

Project mention: Chimera: Automated DLL Sideloading Tool With EDR Evasion Capabilities | /r/purpleteamsec | 2023-05-17

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

offensive-security related posts

• Haven't been using kali in a long time and wanted to know why Ngrok is not working on Blackeye? blackeye itself doesn't exist anymore lol
  1 project | /r/Kalilinux | 7 Dec 2023
• Cloudflare for Speed and Security
  2 projects | /r/CloudFlare | 20 Oct 2023
• Show HN: I'm writing a book – Cloudflare for Speed and Security
  1 project | news.ycombinator.com | 18 Oct 2023
• Exam Complete -- Got enough points but am worried about the report.
  1 project | /r/oscp | 5 Jul 2023
• Passing the OSCP in 8 hours(as a high school student)
  1 project | /r/oscp | 2 Jul 2023
• Passed OSCP about two weeks ago
  1 project | /r/oscp | 18 Jun 2023
• Black Hat Rust
  1 project | /r/savedForMS | 1 May 2023
• A note from our sponsor - WorkOS
  workos.com | 23 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com