Search Results for "offensive penetration testing"

PoshC2 is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in...

FLARE VM is a security-focused Windows workstation distribution designed for malware analysis, reverse engineering, penetration testing, and threat hunting. It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. The environment configures paths, dependencies, environment variables, and common tool integrations so analysts can focus on tasks rather than setup. ...

The Offensive Reverse Shell Cheat Sheet is a compilation of reverse shell payloads useful for red team operations and penetration testing. It provides ready-to-use code snippets in various programming languages, facilitating the establishment of reverse shells during security assessments.​

WinPwn is a PowerShell-based toolkit for automating internal Windows penetration testing and Active Directory reconnaissance. It streamlines many manual steps by integrating reconnaissance modules like Seatbelt, Inveigh, Rubeus, and PrivescCheck. With proxy auto‑detection, endpoint enumeration, and exploitation routines, it's widely used in red team and blue team tool chains.

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the individual scripts with dot sourcing. Note that the help is available for the function loaded after running the script and not the script itself since version 0.3.8. ...

...Payloads demonstrate how the device can emulate human interface devices (keyboard/mouse), Ethernet adapters, serial gadgets, or mass storage to automate complex workflows once plugged into a host. The collection ranges from benign administrative automation to offensive security demonstrations used in penetration testing, showcasing patterns like keystroke automation, reverse shells, credential capture (for lab use), and lateral transport techniques. Each payload typically includes a payload.txt control file with stages and configurable parameters so operators can adapt behavior to different targets. ...