This repository is intended for pentesters and red teamers using a variety of offensive security tools during their assessments. The repository is a collection of useful tools suitable for assessments in internal environments. We fetch and compile the latest version of each tool on a regular basis and provide it to you as a release.
You don't have to worry about updating and compiling the tools yourself. Just download the latest release and find all the awesome tools you will need in a single archive.
Happy Hacking! :)
Team Syslifters 🦖
https://syslifters.com
🚀 Have a look at SysReptor
- adalanche: Active Directory ACL Visualizer and Explorer (https://github.com/lkarlslund/Adalanche)
- adrecon: Active Directory information gathering tool using MS Excel for reporting (https://github.com/adrecon/ADRecon)
- azureadrecon: Azure AD / Entra ID information gathering tool using MS Excel for reporting (https://github.com/adrecon/AzureADRecon)
- certify: Active Directory Certificate Services enumeration and abuse tool (https://github.com/GhostPack/Certify)
- certipy: Active Directory Certificate Services enumeration and abuse tool (https://github.com/ly4k/Certipy)
- crassus: Windows privilege escalation discovery tool (https://github.com/vu-ls/Crassus)
- inveigh: .NET IPv4/IPv6 machine-in-the-middle tool (https://github.com/Kevin-Robertson/Inveigh)
- lazagne: Credentials Recovery tool (https://github.com/AlessandroZ/LaZagne)
- mimikatz: Windows Credentials Recovery tool (https://github.com/gentilkiwi/mimikatz)
- pingcastle: Active Directory Auditing tool (https://github.com/vletoux/pingcastle)
- powermad: PowerShell MachineAccountQuota and DNS exploit tools (https://github.com/Kevin-Robertson/Powermad)
- rubeus: Kerberos Interaction and Abuse tool (https://github.com/GhostPack/Rubeus)
- seatbelt: Local Privilege Escalation tool (https://github.com/GhostPack/Seatbelt)
- sharphound: Data Collector for BloodHound (https://github.com/BloodHoundAD/SharpHound)
- sharpup: Local Privilege Escalation tool (https://github.com/GhostPack/SharpUp)
- sharpwsus: WSUS Lateral Movement tool (https://github.com/nettitude/SharpWSUS)
- snaffler: Fileshare Discovery and Enumeration tool (https://github.com/SnaffCon/Snaffler)
- stracciatella: OpSec-safe Powershell runspace tool (https://github.com/mgeeky/Stracciatella)
- winpeas: Local Privilege Escalation tool (https://github.com/carlospolop/PEASS-ng/tree/master)
- Whisker: Active Directory Shadow Credentials tool (https://github.com/eladshamir/Whisker)
Many OffSec tools are shipped with their source code only and therefore need to be compiled manually. This is a very time-consuming task, especially if you want to keep your tools up to date before doing assessments. Better save the time for more important things, right?
We don't want to rack our brains every time before an assessment about which tools we need. A release conveniently contains all the tools we need for the assessment as a collection. Noice!!
No. Cross our heart and hope to die.
Oh man, we don't blame you. It's the lot of the security industry. But if you're motivated, you can also create your own build pipeline. We'd be happy to show you how to do that. Instructions and our gitlab-ci.yml are included in this repository.
When creating a release, we use the latest version from the official repository of the respective tool. You can check the version in the commit message, which points to the latest commit in the official repository.
We have fully automated the steps required to create a release using a build pipeline. We therefore plan to create a release once a week.
Just let us know! Open an issue with a link to the repository you want to add. We'll have a look and add it if it's a reasonable fit.