I Red Team DEV - Popular tools

Compiled tools for internal assessments

Sat, 26 Jul 2025 12:15:55 +0000

This repository is intended for pentesters and red teamers using a variety of offensive security tools during their assessments. The repository is a collection of useful tools suitable for assessments in internal environments. We fetch and compile the latest version of each tool on a regular basis and provide it to you as a release.
You don't have to worry about updating and compiling the tools yourself. Just download the latest release and find all the awesome tools you will need in a single archive.
https://github.com/Syslifters/offsec-tools

BrowserBruter

Sun, 06 Jul 2025 21:11:55 +0000

BrowserBruter is a powerful web form fuzzing automation tool designed for web security professionals and penetration testers. This Python-based tool leverages Selenium and Selenium-Wire to automate web form fuzzing, making it easier to identify potential vulnerabilities in web applications.
https://github.com/netsquare/BrowserBruter

banner.png (Size: 114.6 KB / Downloads: 4)

Sn1per

Thu, 19 Jun 2025 06:21:21 +0000

Attack Surface Management Platform
Discover hidden assets and vulnerabilities in your environment
[Find out more]

The ultimate pentesting toolkit
Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities.

Automate the most powerful tools
Security tools are expensive and time-consuming, but with Sn1per, you can save time by automating the execution of these open source and commercial tools to discover vulnerabilities across your entire attack surface.

Find what you can't see
Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you can’t see—hidden assets and vulnerabilities in your environment.

Discover and prioritize risks in your organization
Sn1per is a next-generation information gathering tool that provides automated, deep, and continuous security for organizations of all sizes.

Github : https://github.com/1N3/Sn1per

Fuji: Forensic Unattended Juicy Imaging

Tue, 17 Jun 2025 21:30:52 +0000

Fuji is a free, open source program for performing forensic acquisition of Mac computers. It should work on any modern Intel or Apple Silicon device, as it leverages standard executables provided by macOS.Fuji performs a so-called live acquisition (the computer must be turned on) of logical nature, i.e. it includes only existing files. The tool generates a DMG file that can be imported in several digital forensics programs.
Link:
https://github.com/Lazza/Fuji

screenshot.png (Size: 189.11 KB / Downloads: 6)

Builder for analysis-aware Windows droppers

Tue, 17 Jun 2025 21:02:23 +0000

Quote:Cheska is intended for red teamers, researchers, and malware analysts operating within legal boundaries and in controlled, consented environments. Unauthorized deployment or use against systems you do not own or have explicit permission to test is illegal.

Requirements
Python 3
MinGW-w64 (sudo apt install mingw-w64)
How it works
Cheska is a builder for analysis-aware Windows droppers. All the user has to provide is the payload file and an optional output path where the resulting dropper will be saved.

When executed, the build script does the following in a nutshell:

validates that the provided payload is a valid Windows PE executable.
generates a random 3-character key used to XOR encode the payload and strings in the stub (e.g. DLL names).
generates a random 3-5-character string to be used as the resource name for the encoded payload.
configures the stub with the key and now encoded string values.
compiles the stub and embeds the encoded payload as a resource.
The dropper, upon execution, does the following:

Performs anti-analysis checks (detailed below)
Loads and decodes the payload from the resources section
Drops and executes the payload
Anti-Analysis Techniques
Category Technique Description
Anti-debugging Unhandled exception filter Detects attached debugger via custom exception logic.
Anti-sandbox Mouse presence check Detects whether a mouse device is installed.
Number of processors (<=2) Flags limited CPU environments.
RAM size (<2GB) Detects low-memory VMs or sandboxes.
Anti-VM Virtualization feature flag Uses PF_VIRTUALIZATION_ENABLED to detect VT-x/AMD-V.
Native VHD boot check Detects OS booted from VHD, common in VMs/sandboxes.
Additional Defense Evasion Techniques
To further minimize detection and complicate analysis, the stub also employs:

PEB walking for stealthy module enumeration
Dynamic API resolution to bypass static import detection
String obfuscation (e.g. XOR-encoded DLL and function names)
Setup
The builder was developed and tested on a Linux environment, leveraging MinGW-w64 for cross-compiling Windows binaries.

Clone this repository
git clone https://github.com/nemuelw/cheska.git
Navigate to the project directory
Create a virtual environment and activate it
python3 -m venv .venv
. .venv/bin/activate
Install project dependencies
pip3 install -r requirements.txt
Usage
python3 cheska.py -p [-o ]
Contribution
Contributions are welcome! Ideas for improvement include:

Better anti-VM techniques (e.g. VM driver or MAC address checks)
Additional anti-sandbox methods
Stub optimization or improved evasion heuristics
Link:
https://github.com/nemuelw/cheska

MacOS forensic acquisition made simple

Tue, 17 Jun 2025 14:03:09 +0000

Link:
https://github.com/Lazza/Fuji

screenshot.png (Size: 189.11 KB / Downloads: 2)

WPProbe is a lightweight, fast and reliable tool to discover WordPress.

Sat, 14 Jun 2025 10:44:44 +0000

Especially useful for cybersecurity professionals looking for maximum coverage with minimal detection. ‚
? Operation modes
1️⃣ Stealthy (stealth) - Default method:
- Check for exposed routes, such as? rest_route=/plugins/...
- Compare discovered routes with known patterns
- Get the module version (when available) and compare it to known vulnerabilities (CVE)
2️⃣ Brute Force
- Try to access the plugin directory directly (p. EJ. : /wp-content/plugins/name)
- Detect modules whose route does not throw a 404 error
- Get versions and CVE maps
3️⃣ Hybrid
- Start in stealth mode.
- Then brute force it into what was not initially detected
- Provides maximum range while maintaining discretion
?️ https://github.com/Chocapikk/wpprobe

504614554_1232844045089563_5084319758723932978_n.jpg (Size: 138.86 KB / Downloads: 12)

ZigStrike

Fri, 13 Jun 2025 19:35:34 +0000

I have released ZigStrike toolkit last year and it is still under heavy development. I decided to code in Zig which I believe the next C successor. ZigStrike is designed to assist Offsec in their operations, converting a shellcode into portable extension(DLL/XLL/CPL) which can be used to leveraged to execute the shellcode, ZigStrike offers several features and powerful options with frequent updates.

Features ( release 2.0 )

Multiple Injection Techniques:
- Local Thread
- Local Mapping
- Remote Mapping
- Remote Thread hijacking
- EarlyCascade injection
Anti-Sandbox Protection:
- TPM Presence Check.
- Domain Join Check.
- Run-Time protection.
Output Formats:
- XLL (Excel Add-in)
- DLL
- CPL
Advanced Features:
- Shellcode advanced allocation.
- Payload Runtime protection; preventing emulation and sandbox dynamic anaylsis.
- Bypass common detection rules.
Front-end enhancement:
- Added new page to view generated payloads.
- Detailed information for each created payload.
- Fix flask issue to support uploading large shellcode.

Prerequisites

Zig 0.14.0
Ubuntu / Debian
Python 3.x (for the web interface) with Flask

Link : https://github.com/0xsp-SRD/zigStrike/