Offensive Operating Systems
- Kali Linux - The one, the only. Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
- pimpmykali - Fixes for new imported Kali Linux virtual machines
- Penetration Testing: Using Kali Linux - pg. 55
- ParrotOS - Parrot OS, the flagship product of Parrot Security is a GNU/Linux distribution based on Debian and designed with Security and Privacy in mind. It includes a full portable laboratory for all kinds of cyber security operations, from pentesting to digital forensics and reverse engineering, but it also includes everything needed to develop your own software or keep your data secure.
- Commando-VM - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
- ThreatBox - A handy offensive linux distro that uses a set of Ansible playbooks for automation and deployment.
- AriaCloud - A remote penetration testing Docker container, with a focus on including cloud penetration testing tools for Azure, AWS, and GCP.
- https://blackarch.org/ - Offensive distribution based on Arch Linux.
- Exegol - Exegol is a fully configured Docker image with many useful additional tools, resources (scripts and binaries for privesc, credential theft, etc.) and some configuration (oh-my-zsh, history, aliases, colorized output for some tools). It can be used in pentest engagements, bug bounty, CTFs, HackTheBox, the OSCP lab and exam, and so on.
Tool collections
- Awesome Lists Collection: Security Tools
- A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals
- HowToHack - Reddit's Penetration tools list
- Rawsec's CyberSecurity Inventory
- ToolsWatch.org – The Hackers Arsenal Tools Portal
- The Penetration Testers Framework - Installation script for a huge collection of security tools to be installed on any linux distro
- The only Penetration testing resources you need - kalitut
- https://0xsp.com/offensive/red-teaming-toolkit-collection
- https://github.com/cheetz - The GitHub repo of Peter Kim, author of The Hacker Playbook.
- https://github.com/GhostPack - Collection of C# offensive tools from SpecterOps, written largely by BloodHound co-author harmj0y.
- https://github.com/Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches, built and released in a CI/CD fashion using Azure DevOps release pipelines.
- RedTeam_toolkit - An open-source Django web app that bundles useful red teaming tools so a security specialist can identify vulnerabilities from one place.
- https://houdini.secsi.io/ - HOUDINI (Hundreds of Offensive and Useful Docker Images for Network Intrusion) is a curated list of Network Security related Docker Images for Network Intrusion purposes.
- TangledWinExec - PoCs and tools for investigation of Windows process execution techniques
Impacket
Impacket - Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols (e.g. SMB1-3 and MSRPC), the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
- https://www.kali.org/tools/impacket/
- https://www.kali.org/tools/impacket-scripts/
- https://www.secureauth.com/labs/open-source-tools/impacket/
- https://www.hackingarticles.in/impacket-guide-smb-msrpc/
- https://cheatsheet.haax.fr/windows-systems/exploitation/impacket/
- Operator Handbook: Impacket - pg. 93
Powershell tools
- Powershell Suite - Miscellaneous handy offensive PowerShell scripts
- Nishang - Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
- PowerSharpPack - Many useful offensive C# projects wrapped into PowerShell for easy usage.
- PowerHub - PowerHub is a convenient post exploitation tool for PowerShell which aids a pentester in transferring data, in particular code which may get flagged by endpoint protection
- https://www.infosecmatter.com/powershell-commands-for-pentesters/
- http://windowsitpro.com/powershell/running-powershell-scripts-easy-1-2-3
- https://docs.quasarops.com/en/public/the-soc-analyst-scrolls/powershell
- https://docs.quasarops.com/en/public/the-soc-analyst-scrolls/one-liners
Automation
- https://www.ansible.com/ - An enterprise automation platform for the entire IT organization
- Operator Handbook: Ansible Commands - pg. 16
- threatbox - Offensive distribution loaded with Ansible playbooks for offensive automation (also listed under Offensive Operating Systems above).
- https://offensive-terraform.github.io - Automated multi step offensive attack modules with Infrastructure as Code(IaC)
- https://trickest.com/ - Workflow powered automation platform for security testing.
- expect - Expect is a tool for automating interactive applications according to a script. Following the script, Expect knows what can be expected from a program and what the correct response should be.
- warhorse - Warhorse consists of a fully-featured Ansible playbook to deploy infrastructure in the cloud for conducting security assessments. The Playbook combines Terraform & Ansible to deploy and configure virtual machines for a wide range of use cases. This Playbook is highly customizable and includes operational security. No experience with Ansible or Terraform is required to use this Playbook.
Networking Tools
- 0trace - A traceroute tool that can be run within an existing, open TCP connection, therefore bypassing some types of stateful packet filters with ease.
- fping - fping is a ping like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding.
- Netwox Toolkit - Toolbox netwox helps to find and solve network problems.
- hping3 - hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies.
Stress Testing (DDoS)
- https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html
- https://github.com/ddosify/ddosify - High-performance load testing tool, written in Golang.
- https://github.com/rozgo/anevicon
- https://sourceforge.net/projects/high-orbit-ion-cannon/
- https://github.com/NewEraCracker/LOIC
- https://github.com/649/Memcrashed-DDoS-Exploit
- https://github.com/gkbrk/slowloris
- https://github.com/epsylon/ufonet
- https://github.com/s1l3nt78/Dark-Star
- https://github.com/LimerBoy/Impulse
- https://github.com/RoseSecurity/DNS-Fender
- goldeneye - GoldenEye is an HTTP DoS test tool. It can be used to test whether a site is susceptible to Denial of Service (DoS) attacks by opening many parallel connections against a URL and checking whether the web server can be overwhelmed.
- siege - Siege is a regression test and benchmark utility. It can stress test a single URL with a user-defined number of simulated users, or it can read many URLs into memory and stress them simultaneously.
- DOS Attack Penetration Testing (Part 1)
- DOS Attack Penetration Testing (Part 2)
ARM Exploitation
Drone Hacking
Misc Tools
- Karkinos - Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTFs. Currently, Karkinos offers the following:
  - Encoding/Decoding characters
  - Encrypting/Decrypting text or files
  - Reverse shell handling
  - Cracking and generating hashes
- https://sygnialabs.github.io/DROPS/ - Dynamic Pentesting Cheatsheet.
- Interlace - Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
- pyWhat - Command-line tool to identify... well, anything.
- arsenal - Arsenal is just a quick inventory and launcher for hacking programs. Great for filling in the blank.
- WadComs - WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
- scapy - Scapy is a powerful Python-based interactive packet manipulation program and library.
- fragrouter - Fragrouter is a network intrusion detection evasion toolkit.
- python-faraday - Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE.
- routersploit - This package contains an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations.
- erfs - An easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server.
- LDAPmonitor - Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
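Interlace's trick is simple enough to be worth seeing in code: expand the scope (hosts, CIDR blocks, address ranges) into concrete targets, substitute each into a command template at a placeholder, and fan the commands out over a thread pool. The block below, added here as an example and not taken from Interlace, does exactly that in plain Python; the `_target_` placeholder name and the scope list in the usage are constructed for the example. One deliberate choice is that the rendered commands are run without a shell, so a scope file containing `10.0.0.1; rm -rf ~` cannot turn your scanner into an arbitrary-command runner.

```python
"""Interlace-style parallel runner for single-threaded CLI tools.

Added example for this page, not code from Interlace itself. It expands a
target list (hostnames, CIDR blocks such as 10.0.0.0/29, and ranges such as
10.0.0.1-10.0.0.5), substitutes each target for the _target_ placeholder in a
command template, and runs the commands across a thread pool. Commands are
executed without a shell so a hostname pulled from a scope file cannot smuggle
in extra commands.
"""
import ipaddress
import shlex
import subprocess
from concurrent.futures import ThreadPoolExecutor

PLACEHOLDER = "_target_"  # assumed placeholder name for this example


def _ip_range(spec):
    """Addresses in 'a.b.c.d-e.f.g.h' (inclusive), or None if spec is not a range."""
    try:
        first, last = spec.split("-", 1)
        start = ipaddress.ip_address(first.strip())
        end = ipaddress.ip_address(last.strip())
    except ValueError:  # no dash, or a side that is not an IP (e.g. my-host.example)
        return None
    if start.version != end.version or end < start:
        raise ValueError("bad range: %s" % spec)
    return [str(ipaddress.ip_address(i)) for i in range(int(start), int(end) + 1)]


def expand_targets(specs):
    """Expand target specs into concrete hosts, in order, dropping duplicates and comments."""
    seen, targets = set(), []
    for spec in specs:
        spec = spec.strip()
        if not spec or spec.startswith("#"):
            continue
        if "/" in spec:
            net = ipaddress.ip_network(spec, strict=False)
            # /31 and /32 have no "usable" hosts in the classic sense; keep the address itself
            hosts = [str(h) for h in net.hosts()] or [str(net.network_address)]
        else:
            hosts = _ip_range(spec) or [spec]
        for host in hosts:
            if host not in seen:
                seen.add(host)
                targets.append(host)
    return targets


def render_command(template, target):
    """Split the template shell-style once, then substitute per token.

    Substituting after splitting, and never invoking a shell, keeps quotes,
    semicolons and backticks in the target inert.
    """
    return [tok.replace(PLACEHOLDER, target) for tok in shlex.split(template)]


def run_parallel(template, targets, threads=8, timeout=60):
    """Run the rendered command for every target on a thread pool.

    Returns {target: (returncode, stdout)}. returncode is None on timeout and
    127 when the binary is missing, mirroring what a shell would report.
    """
    def one(target):
        cmd = render_command(template, target)
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
            return target, proc.returncode, proc.stdout
        except subprocess.TimeoutExpired:
            return target, None, ""
        except FileNotFoundError:
            return target, 127, ""

    # subprocess.run releases the GIL while waiting, so threads are enough here.
    with ThreadPoolExecutor(max_workers=threads) as pool:
        return {t: (rc, out) for t, rc, out in pool.map(one, targets)}


if __name__ == "__main__":
    # Constructed scope list; in practice read it from a targets file.
    scope = ["192.168.1.0/30", "10.0.0.1-10.0.0.3", "# comment", "scanme.example"]
    hosts = expand_targets(scope)
    for host, (rc, out) in run_parallel("echo scanning _target_", hosts, threads=4).items():
        print(host, rc, out.strip())
```

Swap the `echo` template for something like `nmap -sV _target_ -oN out/_target_.txt` and cap `threads` at whatever the target network and your own egress can absorb; the thread pool makes it very easy to generate a burst that looks like the DoS tools in the section above.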
{% content-ref url="utility-commands.md" %} utility-commands.md {% endcontent-ref %}