Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 red-teaming Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
-
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
-
Penetration-Testing-Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
-
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
Awesome-Cybersecurity-Handbooks
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
-
moonwalk
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. (by mufeedvh)
-
SysReptor
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
-
xurlfind3r
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
-
cervantes
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)
-
MrKaplan
MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
-
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
-
RanSim
Ransomware simulation script written in PowerShell. Useful for testing your defenses and backups against real ransomware-like activity in a controlled setting.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.
Project mention: What project ideas are there for a cybersecurity homelab? | /r/AskNetsec | 2023-06-04Play with RedELK for learning ELK and monitoring blue team activities - https://github.com/outflanknl/RedELK
Link: https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks
red-teaming related posts
-
Cybersecurity Handbooks
-
ExploitToolFinder
-
Just installed Kali linux...now what? Any links to great content/tutorials to share?
-
Create Gold Image from Custom Windows VM
-
Virtual Machine Setup for Training
-
AD Offsec Testing Tools Pre-Compiled, up to date, and ready to use
-
HoaxShell Beta - Integrated with RevShells.com
-
A note from our sponsor - InfluxDB
www.influxdata.com | 15 May 2024
Index
What are some of the best open-source red-teaming projects? This list will help you:
Project | Stars | |
---|---|---|
1 | dirsearch | 11,306 |
2 | sliver | 7,614 |
3 | commando-vm | 6,712 |
4 | hoaxshell | 2,892 |
5 | afrog | 2,836 |
6 | Penetration-Testing-Tools | 2,436 |
7 | RedELK | 2,296 |
8 | Awesome-Cybersecurity-Handbooks | 2,084 |
9 | inceptor | 1,502 |
10 | Galaxy-Bugbounty-Checklist | 1,324 |
11 | moonwalk | 1,290 |
12 | SysReptor | 1,152 |
13 | Amsi-Killer | 562 |
14 | xurlfind3r | 524 |
15 | AlanFramework | 462 |
16 | aws-cloudsaga | 427 |
17 | acheron | 286 |
18 | cervantes | 250 |
19 | MrKaplan | 244 |
20 | offsec-tools | 221 |
21 | InlineWhispers2 | 174 |
22 | RanSim | 172 |
23 | LAZYPARIAH | 140 |
Sponsored