Tools and Techniques for Red Team / Penetration Testing

🐢 Evaluation, testing & monitoring framework for LLMs and ML models

The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.

Sandman is a NTP based backdoor for red team engagements in hardened networks.

Venom is a library that meant to perform evasive communication using stolen browser socket

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

该工具用于导出正在运行中的微信进程的 key 并自动解密所有微信数据库文件以及导出 key 后数据库文件离线解密。

Nimbo-C2 is yet another (simple and lightweight) C2 framework

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

Compiled tools for internal assessments

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Self-hosted passive subdomain continous monitoring tool.

A command-line interface (CLI) based passive subdomain discovery utility. It is designed to efficiently identify known subdomains of given domains by tapping into a multitude of curated online passive sources.

Persistent Powershell backdoor tool

A fast and comprehensive tool for organizational network scanning

rsGen is a Reverse Shell Payload Generator for hacking.

RegStrike is a .reg payload generator

A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. The ideal user is someone who is attempting to scan multiple bug bounty programs simultaneously, on a recurring basis.

Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.

Nim process hollowing loader