Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 red-teaming Open-Source Projects
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
-
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
-
Penetration-Testing-Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
-
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
Awesome-Cybersecurity-Handbooks
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
-
moonwalk
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. (by mufeedvh)
-
SysReptor
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
-
xurlfind3r
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
-
-
cervantes
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)
-
MrKaplan
MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
-
-
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
-
RanSim
Ransomware simulation script written in PowerShell. Useful for testing your defenses and backups against real ransomware-like activity in a controlled setting.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.
Project mention: What project ideas are there for a cybersecurity homelab? | /r/AskNetsec | 2023-06-04Play with RedELK for learning ELK and monitoring blue team activities - https://github.com/outflanknl/RedELK
Link: https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
red-teaming related posts
-
Cybersecurity Handbooks
-
ExploitToolFinder
-
Just installed Kali linux...now what? Any links to great content/tutorials to share?
-
Create Gold Image from Custom Windows VM
-
Virtual Machine Setup for Training
-
AD Offsec Testing Tools Pre-Compiled, up to date, and ready to use
-
HoaxShell Beta - Integrated with RevShells.com
-
A note from our sponsor - InfluxDB
www.influxdata.com | 15 May 2024
Index
What are some of the best open-source red-teaming projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | dirsearch | 11,306 |
| 2 | sliver | 7,614 |
| 3 | commando-vm | 6,712 |
| 4 | hoaxshell | 2,892 |
| 5 | afrog | 2,836 |
| 6 | Penetration-Testing-Tools | 2,436 |
| 7 | RedELK | 2,296 |
| 8 | Awesome-Cybersecurity-Handbooks | 2,084 |
| 9 | inceptor | 1,502 |
| 10 | Galaxy-Bugbounty-Checklist | 1,324 |
| 11 | moonwalk | 1,290 |
| 12 | SysReptor | 1,152 |
| 13 | Amsi-Killer | 562 |
| 14 | xurlfind3r | 524 |
| 15 | AlanFramework | 462 |
| 16 | aws-cloudsaga | 427 |
| 17 | acheron | 286 |
| 18 | cervantes | 250 |
| 19 | MrKaplan | 244 |
| 20 | offsec-tools | 221 |
| 21 | InlineWhispers2 | 174 |
| 22 | RanSim | 172 |
| 23 | LAZYPARIAH | 140 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com