Search Results for "pentest-lab"
Sort By:
Showing 11 open source projects for "pentest-lab"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
GOAD (Game of Active Directory)
game of active directory
GOAD (Gather Open Attack Data) is a security reconnaissance framework for collecting, enriching, and visualizing open-source intelligence (OSINT) around hosts, domains, and certificates. It automates queries to certificate transparency logs, passive DNS, subdomain enumeration, web endpoints, and other public threat feeds. The tool aggregates results into structured formats and can produce interactive graphs to highlight relationships between entities (e.g. domain → IP → cert → ASN). Analysts... -
2
Fast-Kubernetes
This repo covers Kubernetes with LABs: Kubectl, Pod, Deployment
...The content is organized as Markdown how-tos and cheat-sheets covering core objects and workflows — Pods, Deployments, Services, ConfigMaps, Secrets, PV/PVC, StatefulSets, DaemonSets, Jobs/CronJobs, Ingress, affinity/taints, and more — plus command-line kubectl quick references. It also includes end-to-end cluster setup guides (kubeadm with containerd or Docker, Minikube examples), Helm and CI/CD notes (Helm + Jenkins lab), and monitoring guidance with Prometheus & Grafana so learners can practice real operational tasks. Labs are written as short, reproducible exercises (imperative and declarative examples) designed for people who already know containers and want concrete, runnable Kubernetes practice. -
3
BadUSB
Flipper Zero badusb payload library
...The codebase is frequently intended for security research and defensive testing: defenders and red teams use it to validate endpoint controls, USB whitelisting, and user training. Due to the dual-use nature of such techniques, responsible repositories emphasize lab-only experiments, consent-based testing, and mitigations like disabling autorun, enforcing device policies, and using endpoint detection. -
4
AutomatedLab
Framework that lets you deploy complex labs on HyperV and Azure
...It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc. AutomatedLab (AL) enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requires Windows Management Framework 5+ (Windows). Requires Intel VT-x or AMD/V capable CPU, a decent amount of RAM, and low-latency high-throughput storage (No spinning disks please, as there are issues related to them). ... -
Secure File Transfer for Windows with Cerberus by RedwoodCerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
-
5
Ultimate AppLocker Bypass List
The most common techniques to bypass AppLocker
...It is aimed primarily at defenders, incident responders, and security researchers who need a consolidated reference to understand common bypass vectors and to validate detection logic. The repository emphasizes defensive use—helping blue teams craft allow-list policies, create detection rules, and test policy hardening in isolated lab environments—rather than offensive exploitation. -
6
Penetration Testing Tools
A collection of more than 170+ tools, scripts, cheatsheets
...Many entries include short usage notes, common command examples, and links to upstream projects or writeups, turning the repo into both a toolbox and a practical learning library. The collection emphasizes tooling that is easy to run in lab environments and often points to small scripts and one-file utilities that accelerate common tasks like service discovery, credential harvesting, or privilege checks. -
7
BadBlood
Flls Microsoft Active Directory Domain with a structure
...The project is driven by a single entry script (Invoke-BadBlood.ps1) and a collection of modular components that create OUs, seed users and groups, set ACLs, configure LAPS scenarios, and generate other attack/defense artifacts for lab use. Because it modifies a real AD forest, BadBlood requires high privileges (Domain Admin and Schema Admin) to run and the README warns strongly that it is not responsible for cleanup if used in production. -
8
vulnerable-AD
Create a vulnerable active directory
...The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. A convenience wrapper and examples make it straightforward to deploy in a local lab: you can install AD services, run the script on a domain controller, and generate hundreds of vulnerable accounts and conditions for testing. The repository emphasizes full coverage of the listed attack types and includes options to randomize which weakness -
9
Active Directory Exploitation
A cheat sheet that contains common enumeration and attack methods
...The repository is organized as a stepwise kill-chain: recon, domain enumeration, local privilege escalation, user hunting, BloodHound guidance, lateral movement, persistence, domain-admin takeover, cross-trust attacks, data exfiltration, and a toolbox of payloads and helper scripts. It aggregates short, copy-ready PowerShell, C, .NET and Python snippets as well as command examples so operators can quickly run checks or reproduce techniques in lab environments. The content also includes .NET payload patterns, reverse PowerShell helpers, notes on privileged accounts and groups, and practical tips for hunting or protecting high-value targets. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
10
BashBunny Payloads
The Official Bash Bunny Payload Repository
...The collection ranges from benign administrative automation to offensive security demonstrations used in penetration testing, showcasing patterns like keystroke automation, reverse shells, credential capture (for lab use), and lateral transport techniques. Each payload typically includes a payload.txt control file with stages and configurable parameters so operators can adapt behavior to different targets. Because the device and its payloads are powerful, the repository emphasizes responsible use—training, red-team engagements with authorization, and awareness of legal/ethical boundaries. -
11
PowerSploit
A PowerShell Post-Exploitation Framework
PowerSploit is a PowerShell-based post‑exploitation framework widely used by penetration testers, red‑teamers, and security researchers. It includes modules for code execution, introspection, lateral movement, persistence, and data exfiltration—deeply integrated into Windows environments.
- Previous
- You're on page 1
- Next
