Infosec_Reference - An Information Security Reference That Doesn't Suck

•    Python

An Information Security Reference That Doesn't Suck

caldera - An automated adversary emulation system

•    Python

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions. CALDERA is useful for defenders who want to generate real data that represents how an adversary would typically behave within their networks. Since CALDERA's knowledge about a network is gathered during its operation and is used to drive its use of techniques to reach a goal, defenders can get a glimpse into how the intrinsic security dependencies of their network allow an adversary to be successful. CALDERA is useful for identifying new data sources, creating and refining behavioral-based intrusion detection analytics, testing defenses and security configurations, and generating experience for training.

nishang - Nishang - Offensive PowerShell for penetration testing and offensive security.

•    PowerShell

Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the individual scripts with dot sourcing.

Red-Teaming-Toolkit - A collection of open source and commercial tools that aid in red team operations

A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request.

Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

•    Python

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.

DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events

•    Python

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts. The toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Just write your own Fire module and drop it into the FireModules directory. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.

SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop

•    PowerShell

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems, jump boxes, or point-of-sale terminals.

SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop

•    PowerShell

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems, jump boxes, or point-of-sale terminals.

dns-rebind-toolkit - A front-end JavaScript toolkit for creating DNS rebinding attacks.

•    Javascript

DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use. Don't be a dick. DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. With this toolkit, a remote attacker can bypass a router's firewall and directly interact with devices on the victim's home network, exfiltrating private information and in some cases, even controlling the vulnerable devices themselves.

whonow - A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind

•    Javascript

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves. What's great about dynamic DNS Rebinding rules is that you don't have to spin up your own malicious DNS server to start exploiting the browser's Same-origin policy. Instead, everyone can share the same public whonow server running on port 53 of rebind.network.

dart - DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments

•    Python

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments. DART is intended to be executed in isolated, uncontested environments such as an isolan, private test network, or on a standalone machine. It is not intended for deployment on untrusted networks.

CobaltStrike-Toolset - Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

•    PowerShell

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

go-deliver - Go-deliver is a payload delivery tool coded in Go.

•    Go

Go-deliver is a payload delivery tool coded in Go. This is the first version and other features will be added in the future. Currently go-deliver supports only http and https server for payload delivery. More server types will be added later. To change the port of the http server you can modify the config.conf.

infosec-interview-questions - 🗒️ A [work-in-progress] collection for interview questions for Information Security roles

🗒️ A [work-in-progress] collection for interview questions for Information Security roles

dref - DNS Rebinding Exploitation Framework

•    Javascript

Head over to the Wiki to get started or check out dref attacking headless browsers for a practical use case.

netmap.js - Fast browser-based network discovery module

•    Javascript

netmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website visitors' networks. It's quite fast, making use of es6-promise-pool to efficiently run the maximum number of concurrent connections browsers will allow.

PacketWhisper - PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography

•    Python

PacketWhisper - Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type (e.g. executables, Office, Zip, images) into a list of Fully Qualified Domain Names (FQDNs), use DNS queries to transfer data. Simple yet extremely effective. Traditional DNS exfiltration relies on one of the following: DNS tunneling; Hiding data in DNS query fields; or Encoded / encrypted payloads that are broken up and used as subdomains in the DNS query. All of these methods require that the attacker control a domain and/or an associated DNS Name Server to receive the data, which leads to attribution. Those approaches are also vulnerable to DNS Name Server blacklisting (common) and whitelisting (increasingly common). Another problem is that DFIR analysts are familiar with these methods, and SIEM systems will often detect and alert on seeing them.

Platypus - :hammer: A modern multiple reverse shell sessions manager written in go

•    Go

:hammer: A modern multiple reverse shell sessions manager written in go

AIRMASTER - Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

•    Go

A good way to get a domain list is registering for ExpiredDomains and using the Export .COM feature. If you want to get a domain with specific keywords, you can use the keywords feature. This will take a bit longer and have less results, but it can still work extremely well.