OFFENSIVE SECURITY TOOLS FOR PENTESTING & RED TEAM OPERATIONS

Every so often I post a tweet on Twitter asking for people’s arsenal of different tools whether for security, coding or whatever. I decided to repost my list of favorite offensive security tools and asked others they liked to use:

What I got back was an impressive list of tools penetration testing and red team operations tools, many of which were new to me which I can now learn from. I wanted to make sure to share these out:

Kerbrute
Impacket
Rubeus
PoshADCS
Kekeo
Powershell
LOLBAS
WDAC Bypass Repo
Charlotte
Donut
RunasCS
ADFSDump
Proxychains4
Sshuttle
LAPSDumper
Modlishka
Evilginx2
Mitm6
Dirsearch
SecLists
BurpSuite
SSH
PowerView
AADInternals
TokenTactics
Visual Studio (Code)
PowerUp
PowerUpSQL
Rubeus
Chisel
GoPhish
Fierce
Shodan
MFAsweep
o365enum
WireShark
CobaltStrike
Snaffler for looting smb shares
Hive by hexway for reporting and team collaboration
Pacu for AWS
Stormspotter for Azure
Empire
Badrats
CrackMapExec
Impacket
Metasploit
MimiKatz
BloodHound
Evil-WinRM
SharPersist
PwnCat (CalebStewart version)
Gobuster
Responder
PowerShell
Hashcat
SQLMap
Dehashed
Inveigh
Powermad
Rpcdump
Ldapsearch
Rpcclient

Remember, use these for good. :)

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rey Bango

Tinkering in cybersecurity at Veracode and helping developers build secure software. Fortis Fortuna Adiuvat. Opinions are mine.