.svg){kind=icon}
Awesome cloud enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
A companion toolkit for Pentesters & Red Teams.
BallisKit helps by providing automation and weaponization of payload generation. Our products are also equipped with multiple security solution bypasses and ready to use templates to cover any scenarios the RedTeam may face. BallisKit is an array of tools and services developed to help Red Teams and Pentesters in their mission. Capabilities include, among other, penetration testing, demos and social engineering campaigns (email, USB key, etc.).
Tools and Techniques for Red Team / Penetration Testing.
This github repository contains a collection of 130+ tools and resources that can be useful for red teaming activities.
Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
CATSploit is an automated penetration testing tool using Cyber Attack Techniques Scoring (CATS) method that can be used without pentester.
802.11 Attack Tool.
The overall goal of this tool is to provide a single-interface survey capability with advanced automated attacks that result in valid hashlines you can crack with Hashcat.
A Red Team Script to Detect Canary Tokens and Seed Files. How to Detect Canary and Seed Microsoft Office Files with Python Without Triggering an Alert.
In the realm of cybersecurity, vigilance is key. One way malicious actors might infiltrate systems is through seemingly innocuous Microsoft Office files. These files might contain hidden URLs or macros designed to execute harmful actions. In this blog post, we'll explore a Python script designed to detect potentially suspicious Microsoft Office documents by examining their contents without opening them directly, reducing the risk of inadvertently triggering malicious code.
World's fastest and most advanced password recovery utility.
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).
Official Black Hat Arsenal Security Tools Repository.
Black Hat Arsenal Security Tools @ GitHub:
This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility, the tools are classified by category and not by session.
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
SysReptor is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports in user-friendly Markdown and convert them to PDF with just a single click, in the cloud or self-hosted!
PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.
RedCloud OS is a Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Decrypt passwords/cookies/history/bookmarks from the browser.
HackBrowserData is a command-line tool for decrypting and exporting browser data ( passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extension ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
A python script to help red teamers discover KeePass instances and extract secrets.