This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

A curated reference list of open-source security tools organized by attack phase, reconnaissance, initial access, persistence, and exfiltration, for penetration testers and red teamers.

Attack and defend active directory using modern post exploitation adversary tradecraft activity

A curated list of awesome resources related to Mitre ATT&CK™ Framework

Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.

A collection of red teaming and adversary emulation related tools, scripts, techniques, notes, etc

SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.

VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allowing organizations to evaluate and improve their security posture.

This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).

TTPMapper is an AI-driven threat intelligence parser that converts unstructured reports whether from web URLs or PDF files into structured intelligence. Using the DeepSeek LLM, it extracts MITRE ATT&CK techniques, IOCs, threat actors, and generates contextual summaries.

Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.

Convert Empire profiles to Apache mod_rewrite scripts

A curated list of awesome threat detection and hunting resources

Wiki to collect Red Team infrastructure hardening resources

A curated list of Awesome Threat Intelligence resources

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Small and highly portable detection tests.

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Detect Tactics, Techniques & Combat Threats

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

No description.

Empire is a PowerShell and Python post-exploitation agent.

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.

The Hunting ELK

Six Degrees of Domain Admin

Veil 3.1.X (Check version info in Veil at runtime)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

MITRE ATT&CK Windows Logging Cheat Sheets

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

Malicious Macro Generator

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

An informational repo about hunting for adversaries in your IT environment.

Python Server for PoshC2

Metasploit Framework

Generic Signature Format for SIEM Systems

Trying to tame the three-headed dog.

Adversary Emulation Framework

Indonesian wordlist useful for password cracking

initial commit

Egress-Assess is a tool used to test egress data detection capabilities