Offensive Security Tools for Pentesting & Red Team Operations

Every so often I post a tweet on Twitter asking for people’s arsenal of different tools whether for security, coding or whatever. I decided to repost my list of favorite offensive security tools and asked others they liked to use:

https://twitter.com/reybango/status/1480890741421453316?s=20

What I got back was an impressive list of tools penetration testing and red team operations tools, many of which were new to me which I can now learn from. I wanted to make sure to share these out but be careful where you get them from and how you use them (best in a virtual machine to be safe):

Kerbrute
Impacket
Rubeus
PoshADCS
Kekeo
Powershell
LOLBAS
WDAC Bypass Repo
Charlotte
Donut
RunasCS
ADFSDump
Proxychains4
Sshuttle
LAPSDumper
Evilginx2
Mitm6
Dirsearch
SecLists
BurpSuite
SSH
PowerView
AADInternals
TokenTactics
Visual Studio (Code)
PowerUp 
PowerUpSQL
Rubeus
Chisel
GoPhish
Fierce
Shodan
MFAsweep
o365enum
WireShark
CobaltStrike
Snaffler for looting smb shares 
Hive by hexway for reporting and team collaboration
Pacu for AWS
Stormspotter for Azure
Empire
Badrats
CrackMapExec
Impacket
Metasploit
MimiKatz
BloodHound
Evil-WinRM
SharPersist
PwnCat (CalebStewart version)
Gobuster
Responder
PowerShell
Hashcat
SQLMap
Dehashed
Inveigh
Powermad
Rpcdump
Ldapsearch
Rpcclient
zaproxy
ffuf
assetfinder
gau
postman
waybackurls
intelx.io
phpggc
ysoserial
binwalk
Pingcastle
Adalanche
Sharpkatz
curl
Netcat
Feroxbuster
Rustscan

Remember, use these for good. :)

Rey Bango