red-team
A Claude Code skill bundle for bug hunting and external red-team work - 51 skills, 15 slash commands, 681 disclosed-report patterns curated across 24 vulnerability classes, plus enterprise identity + infrastructure attack matrices.
Local forensic scanner that extracts credentials from AI tool conversation history. For authorized red team and DLP use only.
Local forensic scanner that extracts and verifies credentials from AI tool conversation history. Detection + verification powered by TruffleHog.
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a specific attack surface — from SQLi to shellcode, EDR evasion to exploit development.
15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal.
Boot-to-Breach red team lab on AWS. Mythic, Sliver, and Havoc C2 behind a production-style Apache redirector. Deployed via Terraform.
The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, CAN-bus and IPv4 and IPv6 networks reconnaissance and MITM attacks.
bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, CAN-bus, wireless HID devices and Ethernet networks.
Advanced Command and Control Framework for Authorized Red Team Operations
Unmask the hidden before the world does.
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
AI Red Teaming Range.
Red AI Range (RAR) is a comprehensive security platform designed specifically for AI red teaming and vulnerability assessment. It creates realistic environments where security professionals can systematically discover, analyze, and mitigate AI vulnerabilities through controlled testing scenarios.
Your Security Partner. Cybersecurity, Redefined. XENA is an innovative C2 made fully in Go.
XENA is designed for offensive cybersecurity, particularly for red team operations, penetration testing, and adversary simulations, making it suitable for professionals conducting security assessments.
XENA is Cross-Platform Software for Cyber-Security Automation, Adversary Simulations, and Red Team Operations. XENA strives to be a fully integrated security penetration testing framework. It is equipped with a post-exploitation agent, C2 server, and a dark-themed elegant user interface running on Desktop, Web, and Mobile.
Mapping of open-source detection rules and atomic tests.
The goal of this project is to bridge the gap between Atomic Red Team's adversary simulations and open-source detection rules. By doing so, this project aims to help security professionals simulate attacks and evaluate their detection strategies more effectively. 🔒
Your Persistent Adversary. Real Attack Surface Management, within the watchTowr Platform. The future of Continuous Automated Red Teaming and Attack Surface Management.
A Completely Modular LLM Reverse Engineering, Red Teaming, and Vulnerability Research Framework.
the LLM vulnerability scanner. Generative AI Red-teaming & Assessment Kit
garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. If you know nmap, it's nmap for LLMs.
Open Adversary Exposure Validation Platform. Formerly OpenBAS (Open Breach and Attack Simulation Platform).
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests.
Awesome cloud enumerator
A tool to find a company's (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
A companion toolkit for Pentesters & Red Teams.
BallisKit helps by providing automation and weaponization of payload generation. Our products are also equipped with multiple security solution bypasses and ready-to-use templates to cover any scenarios the Red Team may face. BallisKit is an array of tools and services developed to help Red Teams and Pentesters in their mission. Capabilities include, among others, penetration testing, demos and social engineering campaigns (email, USB key, etc.).
Tools and Techniques for Red Team / Penetration Testing.
This GitHub repository contains a collection of 130+ tools and resources that can be useful for red teaming activities. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
CATSploit is an automated penetration testing tool using the Cyber Attack Techniques Scoring (CATS) method that can be used without a pentester.
802.11 Attack Tool.
The overall goal of this tool is to provide a single-interface survey capability with advanced automated attacks that result in valid hashlines you can crack with Hashcat.
A Red Team Script to Detect Canary Tokens and Seed Files. How to Detect Canary and Seed Microsoft Office Files with Python Without Triggering an Alert.
In the realm of cybersecurity, vigilance is key. One way malicious actors might infiltrate systems is through seemingly innocuous Microsoft Office files. These files might contain hidden URLs or macros designed to execute harmful actions. In this blog post, we'll explore a Python script designed to detect potentially suspicious Microsoft Office documents by examining their contents without opening them directly, reducing the risk of inadvertently triggering malicious code.
World's fastest and most advanced password recovery utility.
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).
Official Black Hat Arsenal Security Tools Repository.
Black Hat Arsenal Security Tools @ GitHub: This GitHub account maps to the Black Hat Arsenal tools since its inception in 2011. For readability, the tools are classified by category and not by session.
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
SysReptor is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports in user-friendly Markdown and convert them to PDF with just a single click, in the cloud or self-hosted!
PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.
RedCloud OS is a Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Decrypt passwords/cookies/history/bookmarks from the browser.
HackBrowserData is a command-line tool for decrypting and exporting browser data (passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extensions) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.
Self-deployable file hosting service for red teamers, allowing payloads to be easily uploaded and shared over HTTP and WebDAV.
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
A Python script to help red teamers discover KeePass instances and extract secrets.
Software for Adversary Simulations and Red Team Operations. Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations, these assessments benefit security operations and incident response.