Projects with this topic
-
Red Team AI Benchmark: Evaluating LLMs for authorized offensive-security tasks. Red Team AI Benchmark is a CLI model-evaluation benchmark. It measures how LLMs understand and respond to red-team questions and security scenarios; it is not a tool for carrying out those activities. Version 2 uses a rubric-based dataset instead of judging answers only against one golden response.
Updated -
SecurePath is an open-source, enterprise-grade framework for AI evaluation, red-teaming, and regulatory compliance. It provides sandboxed testing, policy-aligned metrics, multi-modal evaluation, training data sensitivity analysis, and historical compliance tracking, all while maintaining audit-ready logs and dashboards. Designed for organizations, enterprises, and research teams, SecurePath ensures AI safety, transparency, and regulatory assurance.
Updated -
Copy Fail - CVE-2026-31431 - Hardened C implementation for redteam and authorized penetration testing operations.
⚠️ Legal Notice: This tool is intended solely for authorized security research, authorized penetration testing, and defensive analysis. Use on systems you own or have explicit written permission to test. Unauthorized access to computer systems is illegal.Updated -
Tomcat backdoor based on CS blog
Updated -
Push notification demo based on malware seen in the wild.
Updated -
USB Modem/IAX2 War Dialer
Updated -
JA4 proxy tooling.
Updated -
Canary Detection
Updated -
Deployment scripts for automated labs.
Updated -
C.A.R.P. is a pentest tool that delivers a remote, browser-in-the-browser experience for multi-campaign phishing, credential capture, and session hijacking (bypassing MFA). A target user visits a campaign URL they see a full-screen browser (noVNC + Firefox) that loads a target site you configure (e.g. a login page). Each visitor gets their own isolated Docker container, so sessions don’t mix. Keystrokes are logged per session, and you manage everything (campaigns, sessions, keylogs, idle timeouts) from a single Admin UI.
Updated -
Pr0filer is a reconnaissance tool for browsers, implemented in JS and PHP. Its purpose is to gather information from the victim for further targeted attacks.
Updated -
Lab environment for researching antivirus evasion using Shellter and PowerShell, including setup steps, documentation, and safe payload workflow.
Updated -
Portable network scanner with some limited opsec capabilities.
Updated -
Powershell script to hide a .dll into a link using alternate data stream (ADS), then place the .lnk file into an NTFS virtual hard disk (VHD). The link will run the dll leveraging rundll32.
Updated -
C# project to exfiltrate data as compressed zip file from target computer to Dropbox using Dropbox API during red team engagement.
Updated -
Red Team Automation tool powered by go and terraform.
Red Team operations require substantial efforts to both create implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilita
Updated -
Arducky - Arduino Ducky Script Interpreter
Updated -
Powershell Empire in Docker
Updated