created: 2022-04-19T19:55:18 (UTC +08:00)
tags: []
source: https://pentestwiki.org/tools-frameworks-for-red-teams/
author:

✅ Tools and Frameworks for RED TEAMS - pentestwiki.org

Excerpt

Learn different tools and frameworks for red team and offensive exercises plus different images to set up your own lab

A red team is an offensive group of cybersecurity experts that simulate attacker’s tactics in order to bypass security protections (firewalls, SIEM, anti-malware) and remain undetected by the blue team.

Offensive security tools

• https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ Kali Linux: The reference Linux-based VM for penetration testing
• https://github.com/fireeye/commando-vm Commando VM by Fireeye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
• https://pentestbox.org/ PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System
• https://www.metasploit.com/ Metasploit: The world’s most used Penetration testing framework
• https://www.trustedsec.com/pentesters-framework/ PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration testing.
• https://www.faradaysec.com/ Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
• http://fastandeasyhacking.com/ Armitage: Cyber Attack Management for Metasploit
• https://www.cobaltstrike.com/ Cobalt Strike: Adversary Simulation and Red team Operations
• https://owtf.github.io/ OWTF: OWASP Offensive Web Testing Framework
• https://github.com/kgretzky/pwndrop Pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV

Social Engineering toolkits

• https://github.com/gophish/gophish gophish: Open-Source Phishing Toolkit
• https://github.com/trustedsec/social-engineer-toolkit SET: Open-source penetration testing framework designed for social engineering

Purple team tools

• https://github.com/mitre/caldera: MITRE CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
• https://github.com/NextronSystems/APTSimulator
• https://github.com/CyberMonitor/Invoke-Adversary
• https://github.com/securemode/Invoke-Apex
• https://github.com/infosecn1nja/Red-Teaming-Toolkit

Test & Lab Cybersecurity Environments

Online resources to train

• https://www.hackthebox.eu/ HTB: Online platform with Penetration testing labs (Similar to OSCP labs)
• https://tryhackme.com/ TryHackMe: Cybersecurity Training
• https://google-gruyere.appspot.com/part1 Google Gruyere: Buggy web application

Offline resources to set up your own lab

• https://github.com/ethicalhack3r/DVWA DVWA: Damn Vulnerable Web Application
• https://canyoupwn.me/kevgir-vulnerable-vm/ Kevgir: Multi Vulnerable Virtual Machine
• https://github.com/WebGoat/WebGoat WebGoat: A deliberately insecure Web Application
• https://sourceforge.net/projects/metasploitable/files/latest/download Metasploitable 2: Metasploitable login is “msfadmin”; the password is also “msfadmin”.
• https://github.com/rapid7/metasploitable3 Metasploitable 3: Is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.