• POSHC2: PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement.
• Invoke-PSImage: Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
• pupy: Pupy is a cross-platform, multi function RAT and post-exploitation tool mainly written in python.
• LaZagne: The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.
• impacket: Impacket is a collection of Python classes for working with network protocols.
• CheckPlease: Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
• phishery: An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector
• unicorn: Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
• Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
• rpivot: RPIVOT allows to tunnel traffic into internal network via socks 4. It works like ssh dynamic port forwarding but in the opposite direction.
• reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ.
• CACTUSTORCH: A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.
• tinymet: TinyMet is a tiny “4.5 kilobytes” flexible meterpreter stager, which supports multiple meterpreter transports, setting LPORT and LHOST during runtime.
• EarthWorm: EarthWorm is a portable network penetration tool with two core functions: SOCKS v5 service setup and port forwarding, which can complete network penetration in complex network environments.
• juicy-potato: Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
• HTran: HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet.
• Empire: Empire is a PowerShell and Python post-exploitation agent.
• SafetyKatz: SafetyKatz is a combination of slightly modified version of @gentilkiwi’s Mimikatz project and @subTee’s .NET PE Loader
• QuasarRat: Quasar is a fast and light-weight remote administration tool coded in C#.
• Tunna: Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
• powercat: Netcat: The powershell version.
• Ruler: A tool to abuse Exchange services.
• Invoke-Obfuscation: Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.
• koadic: Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
• SharpHound: C# Rewrite of the BloodHound Ingestor
• PowerSploit: PowerSploit - A PowerShell Post-Exploitation Framework
• androrat: Remote Administration Tool for Android
• PAExec: PAExec is a free, redistributable and open source equivalent to Microsoft’s popular PsExec application
• quarkspwdump: Dump various types of Windows credentials without injecting in any process
• Windows Credential Editor: Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials.
• AsyncRAT-C-Sharp & QuasarRAT: RAT
• nbtscan: This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. METERPRETER: Metaspolit payload
• Bitvise: SSH client/server

Red Teaming Toolkit: A collection of open source and commercial tools that aid in red team operations.

GoFetch -

это инструмент для автоматического осуществления плана атаки, созданного приложением BloodHound .

GoFetch сначала загружает путь локальных пользователей-администраторов и компьютеров, созданных BloodHound, и преобразует его в свой собственный формат плана атаки. Как только план атаки готов, GoFetch продвигается к месту назначения в соответствии с планом, шаг за шагом, последовательно применяя методы удаленного выполнения кода и скомпрометируя учетные данные с Mimikatz.

#### awesome-pentest Топовые инструменты для работы)

One-Lin3r

pip3 install one-lin3r [инструмент достоин внимания!]

evil-winrm

WinRM (Windows Remote Management) - это реализация протокола WS-Management от Microsoft. Стандартный протокол на основе SOAP, позволяющий взаимодействовать аппаратным и операционным системам разных производителей. Microsoft включила его в свои операционные системы, чтобы облегчить жизнь системным администраторам.

Эту программу можно использовать на любых серверах Microsoft Windows с включенной этой функцией (обычно на порту 5985), конечно, только если у вас есть учетные данные и разрешения на ее использование. Таким образом, мы можем сказать, что он может быть использован в фазе взлома / пентестинга после эксплуатации. Цель этой программы - предоставить приятные и простые в использовании функции для взлома. Он также может быть использован в законных целях системными администраторами, но большинство его функций сосредоточено на взломе / тестировании.

AggressorScripts for Cobalt_Strike

• https://github.com/rsmudge/ElevateKit
• https://github.com/vysec/CVE-2018-4878
• https://github.com/harleyQu1nn/AggressorScripts
• https://github.com/bluscreenofjeff/AggressorScripts
• https://github.com/ramen0x3f/AggressorScripts
• https://github.com/360-A-Team/CobaltStrike-Toolset
• https://github.com/ars3n11/Aggressor-Scripts
• https://github.com/michalkoczwara/aggressor_scripts_collection
• https://github.com/vysec/Aggressor-VYSEC
• https://github.com/killswitch-GUI/CobaltStrike-ToolKit
• https://github.com/ZonkSec/persistence-aggressor-script
• https://github.com/ramen0x3f/AggressorScripts
• https://github.com/rasta-mouse/Aggressor-Script
• https://github.com/RhinoSecurityLabs/Aggressor-Scripts
• https://github.com/Und3rf10w/Aggressor-scripts
• https://github.com/Kevin-Robertson/Inveigh
• https://github.com/Genetic-Malware/Ebowla
• https://github.com/001SPARTaN/aggressor_scripts
• https://github.com/gaudard/scripts/tree/master/red-team/aggressor
• https://github.com/branthale/CobaltStrikeCNA
• https://github.com/oldb00t/AggressorScripts
• https://github.com/p292/Phant0m_cobaltstrike
• https://github.com/p292/DDEAutoCS
• https://github.com/secgroundzero/CS-Aggressor-Scripts
• https://github.com/skyleronken/Aggressor-Scripts
• https://github.com/tevora-threat/aggressor-powerview
• https://github.com/tevora-threat/PowerView3-Aggressor
• https://github.com/threatexpress/aggressor-scripts
• https://github.com/threatexpress/red-team-scripts
• https://github.com/threatexpress/persistence-aggressor-script
• https://github.com/FortyNorthSecurity/AggressorAssessor
• https://github.com/mdsecactivebreach/CACTUSTORCH
• https://github.com/C0axx/AggressorScripts
• https://github.com/offsecginger/AggressorScripts
• https://github.com/tomsteele/cs-magik
• https://github.com/bitsadmin/nopowershell
• https://github.com/SpiderLabs/SharpCompile
• https://github.com/realoriginal/reflectivepotato