Penetration testing commands for Red Teaming

Red teaming involves conducting realistic attacks to test and evaluate the effectiveness of an organisation’s security controls, procedures, and staff readiness.

| Name | Description | Price |
|------|-------------|-------|
| 221b | Bake a Windows payload from the C2 of your choice to bypass AV | Free |
| BOF.NET | A .NET Runtime for Cobalt Strike's Beacon Object Files | Free |
| Brute Ratel | Command & Control server; DNS over HTTPS, external channels, indirect syscalls | Paid |
| CredMaster | Password spraying, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling | Free |
| CSSG | Cobalt Strike Shellcode Generator; script used to more easily generate and format beacon shellcode in Cobalt Strike | Free |
| Donut | Generates x86_32, x86_64, or AMD64 position-independent shellcode that loads .NET Assemblies, PE files (EXE), VBScript, JScript, and DLL files from memory and runs them with parameters | Free |
| gscript | Genesis Scripting Engine; framework to rapidly implement custom droppers for all three major operating systems | Free |
| HardHat C2 | Cross-platform, collaborative, Command & Control framework | Free |
| link | Command and control framework; HTTPS communication, process injection, in-memory .NET assembly execution, SharpCollection tools, sRDI implementation for shellcode generation, Windows link reloads DLLs from disk into current process | Free |
| Mangle | Manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs | Free |
| Mística | Embeds data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications; supports encapsulation into HTTP, HTTPS, DNS and ICMP protocols | Free |
| Mythic | Collaborative red teaming framework | Free |
| NimPlant | Light-weight first-stage Command & Control implant | Free |
| PEzor | Shellcode & PE Packer | Free |
| PowerShdll | Run PowerShell with DLLs only to bypass software restrictions; it can be run with rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe, regsvr32.exe or as a standalone executable | Free |
| CarbonCopy | Creates a spoofed certificate of any online website and signs an executable for AV evasion; works for Windows and Linux | Free |
| dnscat2 | DNS tunnel meant for encrypted Command & Control channel, data exfiltration | Free |
| Kubesploit | Post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments | Free |
| lateralus | Terminal-based phishing campaign tool | Free |
| macro_pack | Obfuscation and generation of retro formats such as MS Office documents or VBS-like formats | Free |
| Merlin | Post-exploitation HTTP/2 Command & Control server and agent | Free |
| Modlishka | HTTP reverse proxy designed for phishing | Free |
| Nighthawk | Command & Control framework; multi-operator, API driven, malleable native implant | Paid |
| Octopus | Pre-operation C2 server | Free |
| Overlord | CLI used to build Red Teaming infrastructure in an automated way, supports AWS and Digital Ocean | Free |
| phpsploit | Command & Control framework which silently persists on webserver via polymorphic PHP oneliner | Free |
| Quasar | Remote Administration Tool (RAT) for Windows | Free |
| ConfuserEx | Protector for .NET applications | Free |
| Cortex XDR Config Extractor | Parse the Database Lock Files of the Cortex XDR Agent by Palo Alto Networks and extract Agent Settings, the Hash and Salt of the Uninstall Password, as well as possible Exclusions | Free |
| Covenant | Command & Control framework with multi-user collaboration | Free |
| EDRSilencer | Uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server | Free |
| fireELF | Fileless Linux malware framework | Free |
| Freeze | Payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner | Free |
| gmailc2 | Undetectable C2 server that communicates via Google SMTP to evade antivirus protections and network traffic restrictions | Free |
| Hades | Shellcode loader that combines multiple evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs | Free |
| King Phisher | A tool for testing and promoting user awareness by simulating real world phishing attacks | Free |
| MFASweep | Check if MFA is enabled on multiple Microsoft services | Free |
| monomorph | MD5-monomorphic shellcode packer, all payloads have the same MD5 hash | Free |
| Nimbo-C2 | Simple and lightweight Command & Control framework | Free |
| PoshC2 | Proxy aware Command & Control framework | Free |
| ProtectMyTooling | Multi-Packer wrapper allowing daisy-chaining various packers and obfuscators; featured with artifacts watermarking, IOCs collection & PE backdooring | Free |
| Redcloud | Automated Red Team Infrastructure deployment using Docker | Free |
| AntiScan.Me | Multi-AV checker that doesn't distribute the check results, based on Dyncheck.com | Paid |
| AVET | AntiVirus Evasion Tool; targeting Windows machines with executable files | Free |
| Gophish | Phishing toolkit providing the ability to set up and execute phishing engagements and security awareness training | Free |
| Go365 | User enumeration and password guessing for Office 365 / Microsoft365 | Free |
| Hades C2 | Basic Command and Control server | Free |
| Havoc | Malleable post-exploitation command and control framework | Free |
| JavaScript Obfuscator | JavaScript obfuscator; features: variables renaming, strings extraction and encryption, dead code injection, control flow flattening, various code transformations, etc. | Free |
| Kage | Graphical user interface for Metasploit Meterpreter and session handler | Free |
| LightsOut | Generate an obfuscated DLL that will disable AMSI & ETW | Free |
| LP-DB | Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...) | Free |
| pe_to_shellcode | Converts PE into a shellcode | Free |
| PipeViewer | Shows detailed information about named pipes in Windows and searches for insecure permissions | Free |
| Pupy | Cross-platform, multi function Command & Control and post-exploitation framework; fileless/all-in-memory execution, low footprint, multi-transport | Free |
| Sliver | Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) | Free |
| SocialFish | Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller | Free |
| UBoat | HTTP botnet PoC | Free |
| RedELK | Red Team's SIEM; used by Red Teams for tracking and alarming about Blue Team activities as well as better usability in long term operations | Free |
| SharpC2 | Command & Control framework | Free |
| SysWhisper3 | SysWhispers on Steroids, AV/EDR evasion via direct system calls | Free |
| Villain | Distributed command and control framework | Free |
| Warhorse | Ansible playbook to deploy infrastructure in the cloud for conducting Red Team assessments | Free |
| Zphisher | Automated phishing tool with multiple tunneling options; fork of Shellphish | Free |
| RedEye | Red team C2 log visualization | Free |
| Ruler | Interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP to abuse the client-side Outlook features and gain a shell | Free |
| SharpEDRChecker | Detect and identify the presence of known defensive products such as AVs, EDRs and logging tools | Free |
| Shellcrypt | Obfuscate shellcode using encoding, encryption, compression | Free |
| SILENTTRINITY | Asynchronous, multiplayer and multiserver Command & Control framework | Free |
| Starkiller | WebUI for Empire | Free |
| Synergy Httpx | HTTP(S) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically | Free |
| ReelPhish | Real time phishing tool | Free |
| ScareCrow | Payload creation framework designed around EDR bypass | Free |
| SHAD0W | Modular C2 framework designed to successfully operate covertly on heavily monitored environments | Free |
| Shelltropy | A technique to hide malicious shellcode based on low-entropy via Shannon encoding | Free |
| TeamsImplant | MS Teams implant persistent backdoor | Free |
| TrevorC2 | Command and control framework masking the activity by emulating a legitimate website | Free |