The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 red-team Open-Source Projects
-
Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
adversarial-robustness-toolbox
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
-
discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
-
-
adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
-
Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
-
GooFuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.
Did you try using https://trickest.com?
Also, for the attack emulation part you might be interested in CALDERA.
Covenant C2: https://github.com/cobbr/Covenant
Project mention: Do you know a Kali tool to find an username with just the name of the person ? | /r/Kalilinux | 2023-07-03https://github.com/leebaird/discover try this
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
Project mention: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. | /r/netsec | 2023-06-24This is not an exploit nor an example about how to write a driver and I didn't write anywhere about an exploit or how to write an driver. If you are looking for these kind of resources, feel free to check out my driver programming blog series "Lord of the Ring0" (and a talk that will be released soon! :) ): https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Project mention: What adversary emulation options are there nowadays to test SIEMs and IDSs? | /r/AskNetsec | 2023-11-07Unfortunately I don't have the background and knowledge of cybersecurity needed to plan a pentest of my own. Also, it would be more interesting to emulate the attacks of actual APTs known in the wild. So far, I've tested Caldera, Invoke-AtomicRedTeam and manual tests from CTID's adversary emulation library: https://github.com/center-for-threat-informed-defense/adversary_emulation_library
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
red-team related posts
- What adversary emulation options are there nowadays to test SIEMs and IDSs?
- PowerShell evasion
- A software developer venturing into Cyber security
- SOC Malware/Detection lab
- Do you know a Kali tool to find an username with just the name of the person ?
- Secure authentication over unencrypted connection
- Automated penetration testing software?
-
A note from our sponsor - WorkOS
workos.com | 29 Apr 2024
Index
What are some of the best open-source red-team projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Red-Teaming-Toolkit | 8,519 |
| 2 | nishang | 8,336 |
| 3 | sliver | 7,568 |
| 4 | cve | 6,062 |
| 5 | Infosec_Reference | 5,358 |
| 6 | caldera | 5,182 |
| 7 | RedTeam-Tools | 5,177 |
| 8 | adversarial-robustness-toolbox | 4,460 |
| 9 | Covenant | 3,950 |
| 10 | Red-Team-Infrastructure-Wiki | 3,884 |
| 11 | discover | 3,315 |
| 12 | black-hat-rust | 3,047 |
| 13 | shad0w | 1,981 |
| 14 | Nidhogg | 1,601 |
| 15 | adversary_emulation_library | 1,545 |
| 16 | gitjacker | 1,529 |
| 17 | Bashfuscator | 1,503 |
| 18 | inceptor | 1,488 |
| 19 | Goby | 1,332 |
| 20 | Galaxy-Bugbounty-Checklist | 1,314 |
| 21 | GooFuzz | 1,225 |
| 22 | Ghostwriter | 1,185 |
| 23 | BlackMamba | 990 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com