Red Siege develops and provides many open source tools to aid in your penetration testing efforts.
The company plans to continue supporting the tools listed below, whether in the form of bug fixes or new features. Give them a try, they're all available for free on GitHub.
Autofunkt
https://github.com/RedSiege/AutoFunkt
AutoFunkt is a Python script to automatically create a serverless cloud redirector from a Cobalt Strike extensible C2 configuration file.
C2concealer
https://github.com/RedSiege/C2concealer
C2concealer is a command-line tool that generates random C2 malleable configuration files for use in Cobalt Strike.
DigDug
https://github.com/RedSiege/DigDug
DigDug works by appending words from a dictionary to an executable. The dictionary is appended repeatedly until the executable reaches the desired final size. Some AV and EDR engines measure entropy to decide whether an executable is trustworthy enough to run; other vendors inspect executables for signs of null-byte padding. Appending real dictionary text instead of zeros keeps the inflated file's entropy in a normal range and leaves no long null run for those checks to key on.
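The inflation technique described above, written out as an added example in Python (this is not the DigDug source, whose word separator and exact size handling may differ): a constructed stand-in payload is padded first with null bytes and then with cycled dictionary words, and the two detection heuristics named above, Shannon entropy of the whole file and the longest run of 0x00 bytes, are measured on both results. The word list is a constructed stand-in for a real dictionary file.

```python
import math
import random
from collections import Counter

# Constructed stand-in for a dictionary file; a real run would load something like /usr/share/dict/words.
WORDLIST = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
            "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def longest_null_run(data: bytes) -> int:
    """Length of the longest run of 0x00 bytes, the signal a null-padding check keys on."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == 0 else 0
        best = max(best, cur)
    return best


def pad_with_nulls(blob: bytes, target_size: int) -> bytes:
    """Naive inflation: append zeros until target_size."""
    if target_size < len(blob):
        raise ValueError("target smaller than input")
    return blob + b"\x00" * (target_size - len(blob))


def pad_with_words(blob: bytes, target_size: int, words=WORDLIST) -> bytes:
    """DigDug-style inflation: append newline-separated dictionary words, cycling through
    the list, until target_size is reached (the last word is cut to land exactly on size)."""
    if target_size < len(blob):
        raise ValueError("target smaller than input")
    out = bytearray(blob)
    i = 0
    while len(out) < target_size:
        out += words[i % len(words)].encode() + b"\n"
        i += 1
    return bytes(out[:target_size])


def compare_padding(blob: bytes, target_size: int) -> dict:
    """Inflate blob both ways and report what an entropy check and a null-run check would see."""
    nulls = pad_with_nulls(blob, target_size)
    words = pad_with_words(blob, target_size)
    return {
        "size": len(words),
        "null_entropy": shannon_entropy(nulls),
        "word_entropy": shannon_entropy(words),
        "null_run_nulls": longest_null_run(nulls),
        "null_run_words": longest_null_run(words),
    }


def sample_payload(size: int = 4096) -> bytes:
    """Constructed stand-in for a packed executable: deterministic pseudo-random bytes, so the
    pre-inflation entropy sits near 8 bits like a compressed or encrypted section would."""
    rng = random.Random(1234)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    # 100 KiB keeps the demo fast; DigDug would typically target tens or hundreds of MiB.
    for k, v in compare_padding(sample_payload(), 100 * 1024).items():
        print(f"{k}: {v:.3f}" if isinstance(v, float) else f"{k}: {v}")
```

The null-padded file ends up with entropy well under 1 bit per byte and a null run spanning almost the whole file, both of which are cheap to flag; the word-padded file keeps a text-like entropy of a few bits per byte and has no null run at all, so neither heuristic fires on the padding itself.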
dumpCake
https://github.com/brandonscholet/dumpCake
dumpCake dumps password authentication attempts made against the SSH daemon. The script attaches to each sshd child process as it is spawned; when that child exits, the attempted password and the connection details are written to the script's output. Attaching to sshd's children requires root on the host.
EyeWitness
https://github.com/RedSiege/EyeWitness
EyeWitness takes screenshots of websites, collects server header information, and identifies default credentials where possible. It saves a lot of time triaging websites in large tests; penetration testers often use it to sift through a long list of sites.
Use case: Quickly identify interesting websites and admin interfaces in a large penetration test.
You can feed it Nessus XML or Nmap XML output, or alternatively a plain list of URLs. It visits each site, records server information, and takes a screenshot, then generates a quick, easy-to-read report that helps testers pick the sites of greatest interest to attack first. The tool is written in Python and also ships a C# assembly that can be loaded into many C2 frameworks.
EDD – Enumerate Domain Data
https://github.com/RedSiege/EDD
Enumerate Domain Data (EDD) is designed along the lines of PowerView, but in .NET. PowerView is essentially the definitive domain enumeration tool, and Red Siege wanted a .NET implementation of its own. The tool was put together primarily by studying how various existing projects implement the individual functions and combining them into EDD.
Use case: Extract domain information useful to penetration testers and auditors.
EDD is written in C# and can be loaded into many C2 frameworks.
GPPDeception
https://github.com/RedSiege/GPPDeception
This script generates a groups.xml file that mimics a real Group Policy Preferences (GPP) item creating new users on domain-joined computers. Blue teams can place it where GPP files normally live (SYSVOL) as a honey file. By auditing access to the file, they can detect penetration testers or malicious actors scanning GPP files for usernames and cpasswords to use for lateral movement.
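The decoy described above, as an added example in Python rather than the GPPDeception script itself: it writes a Groups.xml shaped like a real GPP "create user" item into a SYSVOL-like directory tree, then runs the kind of sweep an attacker's GPP-password hunter performs (walk every XML file, pull out cpassword attributes) to confirm the decoy is what such a sweep finds. The CLSID values are those seen in Groups.xml files written by the GPP editor; verify them against a real file from your own domain before deploying, since a mismatch is a tell. The cpassword here is a random placeholder with the right shape, not a real encryption; the user name, item GUID, timestamp and policy GUID are constructed for the example.

```python
import base64
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# CLSIDs as they appear in Groups.xml files written by the GPP editor.
# Check these against a genuine file from your environment before deploying a decoy.
GROUPS_CLSID = "{3125E937-EB16-4b4c-9934-544FC6D24D26}"
USER_CLSID = "{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}"


def placeholder_cpassword() -> str:
    """Random base64 with '=' stripped, matching the shape of a real cpassword (AES-256-CBC
    ciphertext, base64, padding removed). Not a real encryption: substitute a genuine value
    if the decoy must survive a scanner that tries to decrypt what it finds."""
    return base64.b64encode(os.urandom(32)).decode().rstrip("=")


def make_honey_groups_xml(user_name: str, cpassword: str, item_uid: str, changed: str) -> str:
    """Return a Groups.xml that mimics a GPP item creating a local user with a stored password."""
    return (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        f'<Groups clsid="{GROUPS_CLSID}">\n'
        f'  <User clsid="{USER_CLSID}" name="{user_name}" image="0" changed="{changed}" uid="{item_uid}">\n'
        f'    <Properties action="C" newName="" fullName="" description="Backup service account" '
        f'cpassword="{cpassword}" changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0" '
        f'userName="{user_name}"/>\n'
        '  </User>\n'
        '</Groups>\n'
    )


def scan_for_cpassword(root: Path) -> list:
    """What GPP-password hunters do: walk every XML under root and pull cpassword attributes."""
    findings = []
    for path in sorted(root.rglob("*.xml")):
        try:
            tree = ET.parse(path)
        except ET.ParseError:
            continue  # not every XML under SYSVOL is well formed; skip rather than abort
        for el in tree.iter():
            if "cpassword" in el.attrib:
                findings.append({
                    "file": str(path),
                    "userName": el.attrib.get("userName", ""),
                    "cpassword": el.attrib["cpassword"],
                })
    return findings


def demo() -> list:
    """Drop the decoy into a SYSVOL-like layout in a temp dir (constructed policy GUID) and
    show that a cpassword sweep over the tree finds it."""
    with tempfile.TemporaryDirectory() as tmp:
        groups_dir = (Path(tmp) / "Policies" / "{E5E5E5E5-0000-4000-8000-000000000001}"
                      / "Machine" / "Preferences" / "Groups")
        groups_dir.mkdir(parents=True)
        decoy = groups_dir / "Groups.xml"
        decoy.write_text(
            make_honey_groups_xml("svc_backup", placeholder_cpassword(),
                                  "{D3C6E6F4-0000-4000-8000-00000000BEEF}", "2016-03-08 13:42:19"),
            encoding="utf-8",
        )
        return scan_for_cpassword(Path(tmp))


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['file']}: userName={hit['userName']} cpassword={hit['cpassword']}")
```

Once the decoy is in SYSVOL, the detection side is an audit rule, not code: put a SACL on the file that audits read access, so that any read produces a Windows Security event 4663 naming the account and host that touched a file no legitimate process should open.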
Just-Metadata
https://github.com/RedSiege/Just-Metadata
Just-Metadata is a tool for collecting and analyzing metadata about IP addresses. It passively gathers intelligence on large numbers of IP addresses and tries to infer relationships between systems in large datasets that might not otherwise be seen.
ProxmarkWrapper
https://github.com/RedSiege/ProxmarkWrapper
ProxmarkWrapper is a wrapper for the Proxmark3 client which sends a text alert (and/or an email, if configured) when an RFID card is captured.
Wappybird
https://github.com/brandonscholet/wappybird
Wappybird is a multithreaded Wappalyzer CLI tool for finding web technologies, with optional CSV output. You can also provide a directory and all scraped data will be saved in subfolders per host.
WMImplant
https://github.com/RedSiege/WMImplant
WMImplant is a PowerShell-based tool that leverages WMI to perform operations on target computers, while also serving as a C2 channel for issuing commands and receiving results. WMImplant requires local administrator rights on the target computer.
WMIOps
https://github.com/RedSiege/WMIOps
WMIOps is a PowerShell script that uses WMI to perform various operations on a local or remote host in a Windows environment. It is primarily designed for penetration testing or red team engagements.
For more open source penetration testing tools, please visit the URL: https://redsiege.com/tools/