A-poc / RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
Repository Overview (README excerpt)
RedTeam-Tools

This GitHub repository contains a collection of **150+** **tools** and **resources** that can be useful for **red teaming activities**. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.

> 🔗 If you are a Blue Teamer, check out BlueTeam-Tools

> **Warning**
>
> *The materials in this repository are for informational and educational purposes only. They are not intended for use in any illegal activities.*

> **Note**
>
> *Hide Tool List headings with the arrow.*
>
> *Click 🔙 to get back to the list.*

Tool List

Red Team Tips (19 tips)

- Improved HTML smuggling with mouse move eventlistener (@pr0xylife)
- Google translate for phishing (@malmoeb)
- Hiding the local admin account (@Alh4zr3d)
- Cripple Windows Defender by deleting signatures (@Alh4zr3d)
- Enable multiple RDP sessions per user (@Alh4zr3d)
- Sysinternals PsExec.exe local alternative (@GuhnooPlusLinux)
- Live off the land port scanner (@Alh4zr3d)
- Proxy aware PowerShell DownloadString (@Alh4zr3d)
- Looking for internal endpoints in browser bookmarks (@Alh4zr3d)
- Query DNS records for enumeration (@Alh4zr3d)
- Unquoted service paths without PowerUp (@Alh4zr3d)
- Bypass a disabled command prompt with /k (Martin Sohn Christensen)
- Stop Windows Defender deleting mimikatz.exe (@GuhnooPlusLinux)
- Check if you are in a virtual machine (@dmcxblue)
- Enumerate AppLocker rules (@Alh4zr3d)
- CMD shortcut with 6 pixels via mspaint (PenTestPartners)
- Link spoofing with PreventDefault JavaScript method
- Check SMB firewall rules with Responder (@malmoeb)
- Disable AV with SysInternals PsSuspend (@0gtweet)

Reconnaissance (24 tools)

- spiderfoot: Automated OSINT and attack surface mapping
- reconftw: Automated subdomain and vulnerability recon tool
- subzy: Subdomain takeover vulnerability checker
- smtp-user-enum: SMTP user enumeration
- crt.sh -> httprobe -> EyeWitness: Automated domain screenshotting
- jsendpoints: Extract page DOM links
- nuclei: Vulnerability scanner
- certSniff: Certificate transparency log keyword sniffer
- gobuster: Website path brute force
- feroxbuster: Fast content discovery tool written in Rust
- CloudBrute: Cloud infrastructure brute force
- dnsrecon: Enumerate DNS records
- Shodan.io: Public facing system knowledge base
- AORT (All in One Recon Tool): Subdomain enumeration
- spoofcheck: SPF/DMARC record checker
- AWSBucketDump: S3 bucket enumeration
- GitHarvester: GitHub credential searcher
- truffleHog: GitHub credential scanner
- Dismap: Asset discovery/identification
- enum4linux: Windows/samba enumeration
- skanuvaty: Dangerously fast dns/network/port scanner
- Metabigor: OSINT tool without API
- Gitrob: GitHub sensitive information scanner
- gowitness: Web screenshot utility using Chrome Headless

Resource Development (12 tools)

- remoteinjector: Inject remote template link into word document
- Chimera: PowerShell obfuscation
- msfvenom: Payload creation
- Shellter: Dynamic shellcode injection tool
- Freeze: Payload creation (circumventing EDR)
- WordSteal: Steal NTLM hashes with Microsoft Word
- NTAPI Undocumented Functions: Windows NT Kernel, Native API and drivers
- Kernel Callback Functions: Undocumented Windows APIs
- OffensiveVBA: Office macro code execution and evasion techniques
- WSH: Wsh payload
- HTA: Hta payload
- VBA: Vba payload

Initial Access (10 tools)

- CredMaster: CredKing password spraying tool
- TREVORspray: Password sprayer with threading
- evilqr: QRLJacking phishing PoC
- CUPP: Common User Passwords Profiler (CUPP)
- Bash Bunny: USB attack tool
- EvilGoPhish: Phishing campaign framework
- The Social-Engineer Toolkit: Phishing campaign framework
- Hydra: Brute force tool
- SquarePhish: OAuth/QR code phishing framework
- King Phisher: Phishing campaign framework

Execution (13 tools)

- Responder: LLMNR, NBT-NS and MDNS poisoner
- secretsdump: Remote hash dumper
- evil-winrm: WinRM shell
- Donut: In-memory .NET execution
- Macro_pack: Macro obfuscation
- PowerSploit: PowerShell script suite
- Rubeus: Active directory hack tool
- SharpUp: Windows vulnerability identifier
- SQLRecon: Offensive MS-SQL toolkit
- UltimateAppLockerByPassList: Common AppLocker Bypass Techniques
- StarFighters: JavaScript and VBScript Based Empire Launcher
- demiguise: HTA encryption tool
- PowerZure: PowerShell framework to assess Azure security

Persistence (4 tools)

- Impacket: Python script suite
- Empire: Post-exploitation framework
- SharPersist: Windows persistence toolkit
- ligolo-ng: Tunneling tool that uses a TUN interface

Privilege Escalation (11 tools)

- Crassus: Windows privilege escalation discovery tool
- LinPEAS: Linux privilege escalation
- WinPEAS: Windows privilege escalation
- linux-smart-enumeration: Linux privilege escalation
- Certify: Active directory privilege escalation
- Get-GPPPassword: Windows password extraction
- Sherlock: PowerShell privilege escalation tool
- Watson: Windows privilege escalation tool
- ImpulsiveDLLHijack: DLL Hijack tool
- ADFSDump: AD FS dump tool
- BeRoot: Multi OS Privilege Escalation Project

Defense Evasion (8 tools)

- Invoke-Obfuscation: Script obfuscator
- Veil: Metasploit payload obfuscator
- SharpBlock: EDR bypass via entry point execution prevention
- Alcatraz: GUI x64 binary obfuscator
- Mangle: Compiled executable manipulation
- AMSI Fail: PowerShell snippets that break or disable AMSI
- ScareCrow: Payload creation framework designed around EDR bypass
- moonwalk: Linux system log and filesystem timestamp remover

Credential Access (11 tools)

- Mimikatz: Windows credential extractor
- LaZagne: Local password extractor
- hashcat: Password hash cracking
- John the Ripper: Password hash cracking
- SCOMDecrypt: SCOM Credential Decryption Tool
- nanodump: LSASS process minidump creation
- eviltree: Tree remake for credential discovery
- SeeYouCM-Thief: Cisco phone systems configuration file parsing
- MailSniper: Microsoft Exchange Mail Searcher
- SharpChromium: Cookie, history and saved login chromium extractor
- dploot: DPAPI looting remotely in Python

Discovery (6 tools)

- PCredz: Credential discovery PCAP/live interface
- PingCastle: Active directory assessor
- Seatbe…