Red Team Security Tools

Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.

NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.

Tool for performing enumeration and exploitation of Kerberoasting attack in Active Directory

A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints

All thing red team resources and documents.

ShadowDropper is a utility for covertly delivering and executing payloads on a target system.

Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies

NetProbe: Network Probe

FluxER - The bash script which installs and runs the Fluxion tool inside Termux. The wireless security auditing tool used to perform attacks such as WPA/WPA2 cracking and MITM attacks.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

A port scanner written purely in PowerShell.

Utility program to perform multiple operations for a given subnet/CIDR ranges.

Exploitation Framework for Embedded Devices

a C# implementation for a shellcode loader that capable to bypass Cortex XDR and Sophos EDR.

Penelope Shell Handler

Monitor linux processes without root permissions

A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux

This is Advance Phishing Tool ! OTP PHISHING

LDAP library for auditing MS AD

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)