Showing 36 open source projects for "red"

View related business solutions
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • Stop Cyber Threats with VM-Series Next-Gen Firewall on Azure Icon
    Stop Cyber Threats with VM-Series Next-Gen Firewall on Azure

    Native application identity and user-based security for your Azure cloud

    Gain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
    Get a free trial
  • 1
    theHarvester

    theHarvester

    E-mails, subdomains and names

    theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.
    Downloads: 34 This Week
    Last Update:
    See Project
  • 2
    RedAmon

    RedAmon

    AI-powered framework for automated penetration testing and red teaming

    RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 3
    Claude BugHunter

    Claude BugHunter

    A Claude Code skill bundle for bug hunting

    Claude-BugHunter is a Claude Code skill bundle focused on bug hunting, security testing, and external red-team research workflows. It packages a large collection of specialized skills, slash commands, and disclosed-report patterns so Claude Code can reason through common vulnerability classes more systematically. The project is meant to help authorized testers structure reconnaissance, triage, hypothesis building, exploitation reasoning, and reporting.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 4
    XRAY

    XRAY

    XRay for recon, mapping and OSINT gathering from public networks

    ...It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • $300 Free Credits to Build on Google Cloud Icon
    $300 Free Credits to Build on Google Cloud

    New to Google Cloud? Get $300 in credits to explore Compute Engine, BigQuery, Cloud Run, Gemini Enterprise Agent Platform, and more.

    Start your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query petabytes in BigQuery, or build agents with Gemini Enterprise Agent Platform. Once your credits are used, keep building with 20+ always-free tier products including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. No commitment required—just sign up and start building.
    Claim $300 Free
  • 5
    bettercap

    bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks

    bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.
    Downloads: 68 This Week
    Last Update:
    See Project
  • 6
    Internal All The Things

    Internal All The Things

    Active Directory and Internal Pentest Cheatsheets

    ...It covers a broad range of topics; AD certificate services, Kerberos attacks, lateral movement, tooling, post-exploitation techniques, and networking. The content is designed to help both learners and experienced red-teamers fill gaps in their internal pentest knowledge, especially for environments where AD and internal tooling dominate. Because internal engagements often have more complexity and fewer online guides compared to internet-facing web apps, this repo serves as a converging point for best practices, write-ups, and cheat sheets. The repository is structured, continuously updated, and encourages contributions, so its value grows over time. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 7
    BBOT

    BBOT

    The recursive internet scanner for hackers

    ...The project emphasizes extensibility, allowing users to create or integrate custom modules that expand the scope of reconnaissance tasks without modifying the core engine. BBOT is particularly valuable for security researchers and red teamers who need to automate multi-stage discovery processes across complex infrastructures. Its architecture supports chaining multiple reconnaissance techniques together, enabling continuous discovery rather than one-off scans. The tool balances power and usability by providing sensible defaults while still exposing deep configuration options for advanced users.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 8
    Splunk Attack Range

    Splunk Attack Range

    A tool that allows you to create vulnerable environments

    The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 9
    BadUSB

    BadUSB

    Flipper Zero badusb payload library

    ...It typically contains firmware examples, payloads, and explanations showing how a device presenting as a Human Interface Device (HID) can inject keystrokes, open shells, or orchestrate data exfiltration when plugged into a machine. The codebase is frequently intended for security research and defensive testing: defenders and red teams use it to validate endpoint controls, USB whitelisting, and user training. Due to the dual-use nature of such techniques, responsible repositories emphasize lab-only experiments, consent-based testing, and mitigations like disabling autorun, enforcing device policies, and using endpoint detection.
    Downloads: 6 This Week
    Last Update:
    See Project
  • AI-powered service management for IT and enterprise teams Icon
    AI-powered service management for IT and enterprise teams

    Enterprise-grade ITSM, for every business

    Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
    Try it Free
  • 10
    SCAP Security Guide

    SCAP Security Guide

    Security automation content in SCAP, Bash, Ansible, and other formats

    The purpose of this project is to create security policy content for various platforms, Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, SUSE Linux Enterprise Server (SLES), as well as products, Firefox, Chromium, JRE. We aim to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats.
    Downloads: 8 This Week
    Last Update:
    See Project
  • 11
    Domain Password Spray

    Domain Password Spray

    A tool written in PowerShell to perform password assessments

    ...Output formats include summary reports and structured logs to help analysts triage which accounts were hit and where to prioritize defensive follow-up. The codebase is written to be used by penetration testers, red teams, and security assessors in authorized engagements and emphasizes responsible use; the README explicitly warns against unauthorized use and stresses running tests only with permission.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 12
    PoshC2

    PoshC2

    C2 framework used to aid red teamers with post-exploitation

    PoshC2 is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    Stegcore

    Stegcore

    A cross-platform crypto-steganography toolkit

    ...Unlike basic steganography tools that hide data without encrypting it, Stegcore ensures the payload is cryptographically protected at rest. Unlike pure encryption tools, the payload isn't even visible. Designed for journalists, security researchers, red teamers, digital forensics professionals, and CTF participants.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 14
    Hercules_free_version

    Hercules_free_version

    Almacenamiento seguro offline para semillas BIP39 con cifrado avanzado

    ...Su funcionamiento es sencillo e intuitivo, pensado tanto para usuarios técnicos como para inversores que buscan máxima seguridad sin complicaciones. HERCULES no se conecta a la red, no accede a tus fondos y no requiere datos personales, lo que garantiza privacidad total. “Software firmado digitalmente con certificado de firma de código de SSL.com.” File signed with certificate: Owner: Wladimir Marino Materan Velasquez SerialNumber: 107926026636172561193259228594730909048
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    RufasSlider

    RufasSlider

    Klotsky class block slider puzzles.

    ...The Traffic-Rush family uses data, with 2x1, 1x2, 3x1, 1x3 rectangles. Here, the long rectangles represent cars or trucks that can only move [roll] lengthwise...the goal being to move the red car toward the shaded "exit door". The proper command to extract the archive and maintain the directory structure is "7z x filename".
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    Password Strength Checker

    Password Strength Checker

    Desktop application to check the strength of password

    Efficient desktop application to check the strength of password. Using this software, you can assess the strength of your password with color coded meter 🔴 Weak = Red color 🟤 Moderate = Brown color 🟣 Strong = Purple color 🟢 Very strong = Green color Toggle your password visibility when checking the strength of password.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 17
    DeathStar

    DeathStar

    RESTful API to automate gaining Domain Enterprise Admin rights

    DeathStar is a Python-based red-team automation project that integrates with the Empire REST API for Active Directory security assessment. Its main purpose is to demonstrate how common Active Directory misconfigurations can be chained together in automated attack-path scenarios. The project focuses on controlled assessment workflows that model privilege escalation paths in enterprise Windows environments.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    Wifipumpkin3

    Wifipumpkin3

    Powerful framework for rogue access point attack

    wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 19
    Sobelow

    Sobelow

    Security-focused static analysis for the Phoenix Framework

    ...For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities. Potential vulnerabilities are flagged in different colors according to confidence in their insecurity. High confidence is red, medium confidence is yellow, and low confidence is green. A finding is typically marked "low confidence" if it looks like a function could be used insecurely, but it cannot reliably be determined if the function accepts user-supplied input. That is to say, if a finding is marked green, it may be critically insecure, but it will require greater manual validation. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    C-Total

    C-Total

    Control Total sobre las conecciones de RED

    Administra reglas del Firewall de Windows de forma transparente sin ocultar información, muestra reglas creadas por el sistema y cualquier programa que utilice internet. NOTA: Para crear reglas y/o eliminarlas debe ejecutar C-Total como administrador.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 21
    Offensive Reverse Shell

    Offensive Reverse Shell

    Collection of reverse shells for red team operations

    The Offensive Reverse Shell Cheat Sheet is a compilation of reverse shell payloads useful for red team operations and penetration testing. It provides ready-to-use code snippets in various programming languages, facilitating the establishment of reverse shells during security assessments.​
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    Alan Framework

    Alan Framework

    A C2 post-exploitation framework

    Alan Framework is a post-exploitation framework useful during red-team activities. You can run your preferred tool directly in-memory. JavaScript script execution (in-memory without third party dependency) Fully compliant SOCKS5 proxy. Supported agent types: Powershell (x86/x64), DLL (x86/x64), Executable (x86/x64), Shellcode (x86/x64). Server.exe can be executed in Linux (via dotnet core) The network communication is fully encrypted with a session key not recoverable from the agent binary or from a traffic dump. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23
    RedELK

    RedELK

    Red Team's SIEM - tool for Red Teams used for tracking and alarming

    RedELK is a tracking and monitoring tool for Red Teams, providing insights into engagements and supporting real-time situational awareness for offensive operations.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24
    PyExfil

    PyExfil

    A Python Package for Data Exfiltration

    ...The purpose of PyExfil is to set as many exfiltrations, and now also communication, techniques that CAN be used by various threat actors/malware around to bypass various detection and mitigation tools and techniques. You can track changes at the official GitHub page. Putting it simply, it’s meant to be used as a testing tool rather than an actual Red Teaming tool. Although most techniques and methods should be easily ported and compiled to various operating systems, some stable some experimental, the transmission mechanism should be stable on all techniques. Clone it, deploy on a node in your organization and see which systems can catch which techniques.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    WinPwn

    WinPwn

    Automation for internal Windows Penetrationtest / AD-Security

    ...It streamlines many manual steps by integrating reconnaissance modules like Seatbelt, Inveigh, Rubeus, and PrivescCheck. With proxy auto‑detection, endpoint enumeration, and exploitation routines, it's widely used in red team and blue team tool chains.
    Downloads: 1 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • Next
Auth0 Logo