Penetration testing commands for Red Teaming

Red teaming involves conducting realistic attacks to test and evaluate the effectiveness of an organisation’s security controls, procedures, and staff readiness.

| Name | Description | Price |
| --- | --- | --- |
| 221b | Bake a Windows payload from the C2 of your choice to bypass AV | Free |
| AntiScan.Me | Multi-AV checker that doesn't distribute the check results, based on Dyncheck.com | Paid |
| AVET | AntiVirus Evasion Tool; targeting Windows machines with executable files | Free |
| BOF.NET | A .NET Runtime for Cobalt Strike's Beacon Object Files | Free |
| Brute Ratel | Command & Control server; DNS over HTTPS, external channels, indirect syscalls | Paid |
| CarbonCopy | Creates a spoofed certificate of any online website and signs an executable for AV evasion; works for Windows and Linux | Free |
| ConfuserEx | Protector for .NET applications | Free |
| Cortex XDR Config Extractor | Parse the Database Lock Files of the Cortex XDR Agent by Palo Alto Networks and extract Agent Settings, the Hash and Salt of the Uninstall Password, as well as possible Exclusions | Free |
| Covenant | Command & Control framework with multi-user collaboration | Free |
| CredMaster | Password spraying, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling | Free |
| CSSG | Cobalt Strike Shellcode Generator; script used to more easily generate and format beacon shellcode in Cobalt Strike | Free |
| dnscat2 | DNS tunnel meant for encrypted Command & Control channel, data exfiltration | Free |
| Donut | Generates x86_32, x86_64, or AMD64 position-independent shellcode that loads .NET Assemblies, PE files (EXE), VBScript, JScript, and DLL files from memory and runs them with parameters | Free |
| EDRSilencer | Uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server | Free |
| fireELF | Fileless Linux malware framework | Free |
| Freeze | Payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner | Free |
| gmailc2 | Undetectable C2 server that communicates via Google SMTP to evade antivirus protections and network traffic restrictions | Free |
| Go365 | User enumeration and password guessing for Office 365 / Microsoft365 | Free |
| Gophish | Phishing toolkit providing the ability to set up and execute phishing engagements and security awareness training | Free |
| gscript | Genesis Scripting Engine; framework to rapidly implement custom droppers for all three major operating systems | Free |
| Hades | Shellcode loader that combines multiple evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs | Free |
| Hades C2 | Basic Command and Control server | Free |
| HardHat C2 | Cross-platform, collaborative, Command & Control framework | Free |
| Havoc | Malleable post-exploitation command and control framework | Free |
| JavaScript Obfuscator | JavaScript obfuscator; features: variables renaming, strings extraction and encryption, dead code injection, control flow flattening, various code transformations, etc. | Free |
| Kage | Graphical user interface for Metasploit Meterpreter and session handler | Free |
| King Phisher | A tool for testing and promoting user awareness by simulating real-world phishing attacks | Free |
| Kubesploit | Post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments | Free |
| lateralus | Terminal-based phishing campaign tool | Free |
| LightsOut | Generate an obfuscated DLL that will disable AMSI & ETW | Free |
| link | Command and control framework; HTTPS communication, process injection, in-memory .NET assembly execution, SharpCollection tools, sRDI implementation for shellcode generation, Windows link reloads DLLs from disk into current process | Free |
| LP-DB | Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...) | Free |
| macro_pack | Obfuscation and generation of retro formats such as MS Office documents or VBS-like formats | Free |
| Mangle | Manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs | Free |
| Merlin | Post-exploitation HTTP/2 Command & Control server and agent | Free |
| MFASweep | Check if MFA is enabled on multiple Microsoft services | Free |
| Mística | Embeds data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications; supports encapsulation into HTTP, HTTPS, DNS and ICMP protocols | Free |
| Modlishka | HTTP reverse proxy designed for phishing | Free |
| monomorph | MD5-monomorphic shellcode packer, all payloads have the same MD5 hash | Free |
| Mythic | Collaborative red teaming framework | Free |
| Nighthawk | Command & Control framework; multi-operator, API driven, malleable native implant | Paid |
| Nimbo-C2 | Simple and lightweight Command & Control framework | Free |
| NimPlant | Light-weight first-stage Command & Control implant | Free |
| Octopus | Pre-operation C2 server | Free |
| Overlord | CLI used to build Red Teaming infrastructure in an automated way, supports AWS and Digital Ocean | Free |
| pe_to_shellcode | Converts PE into a shellcode | Free |
| PEzor | Shellcode & PE Packer | Free |
| phpsploit | Command & Control framework which silently persists on a webserver via a polymorphic PHP one-liner | Free |
| PipeViewer | Shows detailed information about named pipes in Windows and searches for insecure permissions | Free |
| PoshC2 | Proxy-aware Command & Control framework | Free |
| PowerShdll | Run PowerShell with DLLs only to bypass software restrictions; it can be run with rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe, regsvr32.exe or as a standalone executable | Free |
| ProtectMyTooling | Multi-Packer wrapper allowing daisy-chaining various packers and obfuscators; featured with artifacts watermarking, IOCs collection & PE backdooring | Free |
| Pupy | Cross-platform, multi-function Command & Control and post-exploitation framework; fileless/all-in-memory execution, low footprint, multi-transport | Free |
| Quasar | Remote Administration Tool (RAT) for Windows | Free |
| Redcloud | Automated Red Team Infrastructure deployment using Docker | Free |
| RedELK | Red Team's SIEM; used by Red Teams for tracking and alarming about Blue Team activities as well as better usability in long-term operations | Free |
| RedEye | Red team C2 log visualization | Free |
| ReelPhish | Real-time phishing tool | Free |
| Ruler | Interact with Exchange servers remotely, through either MAPI/HTTP or RPC/HTTP, to abuse the client-side Outlook features and gain a shell | Free |
| ScareCrow | Payload creation framework designed around EDR bypass | Free |
| SHAD0W | Modular C2 framework designed to successfully operate covertly on heavily monitored environments | Free |
| SharpC2 | Command & Control framework | Free |
| SharpEDRChecker | Detect and identify the presence of known defensive products such as AVs, EDRs and logging tools | Free |
| Shellcrypt | Obfuscate shellcode using encoding, encryption, compression | Free |
| Shelltropy | A technique to hide malicious shellcode based on low-entropy via Shannon encoding | Free |
| SILENTTRINITY | Asynchronous, multiplayer and multiserver Command & Control framework | Free |
| Sliver | Cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS; remote access tool (RAT) | Free |
| SocialFish | Phishing targeting social media logins; supports Ngrok tunneling and a mobile controller | Free |
| Starkiller | WebUI for Empire | Free |
| Synergy Httpx | HTTP(S) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically | Free |
| SysWhispers3 | SysWhispers on Steroids, AV/EDR evasion via direct system calls | Free |
| TeamsImplant | MS Teams implant persistent backdoor | Free |
| TrevorC2 | Command and control framework masking the activity by emulating a legitimate website | Free |
| UBoat | HTTP botnet PoC | Free |
| Villain | Distributed command and control framework | Free |
| Warhorse | Ansible playbook to deploy infrastructure in the cloud for conducting Red Team assessments | Free |
| Zphisher | Automated phishing tool with multiple tunneling options; fork of Shellphish | Free |