A red team is an offensive group of cybersecurity experts that simulates attackers' tactics in order to bypass security protections (firewalls, SIEM, anti-malware) and remain undetected by the blue team.
Offensive security tools
- https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ Kali Linux: The reference Linux-based VM for penetration testing
- https://github.com/fireeye/commando-vm Commando VM by FireEye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
- https://pentestbox.org/ PentestBox: An open-source, preconfigured, portable penetration testing environment for the Windows operating system
- https://www.metasploit.com/ Metasploit: The world’s most used Penetration testing framework
- https://www.trustedsec.com/pentesters-framework/ PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration testing.
- https://www.faradaysec.com/ Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
- http://fastandeasyhacking.com/ Armitage: Cyber Attack Management for Metasploit
- https://www.cobaltstrike.com/ Cobalt Strike: Adversary Simulation and Red team Operations
- https://owtf.github.io/ OWTF: OWASP Offensive Web Testing Framework
- https://github.com/kgretzky/pwndrop Pwndrop: Self-deployable file hosting service for red teamers that makes it easy to upload and share payloads over HTTP and WebDAV
Social Engineering toolkits
- https://github.com/gophish/gophish gophish: Open-Source Phishing Toolkit
- https://github.com/trustedsec/social-engineer-toolkit SET: Open-source penetration testing framework designed for social engineering
Purple team tools
- https://github.com/mitre/caldera CALDERA: MITRE CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
Test & Lab Cybersecurity Environments
Online resources to train
- https://www.hackthebox.eu/ HTB: Online platform with Penetration testing labs (Similar to OSCP labs)
- https://tryhackme.com/ TryHackMe: Cybersecurity Training
- https://google-gruyere.appspot.com/part1 Google Gruyere: Buggy web application
Offline resources to set up your own lab
- https://github.com/ethicalhack3r/DVWA DVWA: Damn Vulnerable Web Application
- https://canyoupwn.me/kevgir-vulnerable-vm/ Kevgir: Multi Vulnerable Virtual Machine
- https://github.com/WebGoat/WebGoat WebGoat: A deliberately insecure Web Application
- https://sourceforge.net/projects/metasploitable/files/latest/download Metasploitable 2: Metasploitable login is “msfadmin”; the password is also “msfadmin”.
- https://github.com/rapid7/metasploitable3 Metasploitable 3: A VM built from the ground up with a large number of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit.