explaingit

a-poc/redteam-tools

8,728 | Audience · ops devops | Complexity · 1/5 | Setup · easy

TLDR

A curated index of 150+ tools and techniques for authorized penetration testing and red teaming, organized by attack stage from reconnaissance through lateral movement.

Mindmap

mindmap
  root((RedTeam-Tools))
    Attack stages
      Reconnaissance
      Initial access
      Privilege escalation
      Lateral movement
    Tool categories
      Web application
      Network scanning
      OSINT
    Red team tips
      Community techniques
      Practical shortcuts
    Audience
      Security professionals
      Penetration testers
    Purpose
      Authorized testing
      Security education


Things people build with this

USE CASE 1

Look up the right tool for a specific penetration testing phase such as reconnaissance, privilege escalation, or lateral movement

USE CASE 2

Find tools for enumerating DNS records, scanning subdomains, or scraping publicly leaked credentials during an authorized assessment

USE CASE 3

Use the red team tips section to learn practical community-sourced techniques for authorized security testing

Getting it running

Difficulty · easy | Time to first run · 5min

In plain English

RedTeam-Tools is a curated reference collection of more than 150 tools and techniques used in red teaming and penetration testing. Red teaming is the practice of simulating an attacker's approach against a system or organization to find weaknesses before real attackers do. This repository does not contain original software; it is an organized index pointing to existing tools, with notes on what each one does.

The collection is divided into clearly labeled categories that follow the typical stages of an attack simulation. It starts with reconnaissance, which covers tools for mapping a target's external footprint, including scanning subdomains, enumerating DNS records, scraping credentials from public sources, and taking automated screenshots of web properties. From there it moves into resource development (building payloads), initial access (gaining a foothold), and further stages like execution, persistence, privilege escalation, and lateral movement.

Beyond the tool listings, the README also includes a section of red team tips: short, practical techniques shared by the security community. These range from finding internal endpoints stored in browser bookmarks to methods for temporarily disabling antivirus software during an authorized test. Each tip credits the person who shared it.

The repository is intended for security professionals, students, and researchers working in authorized testing contexts. The authors include a clear warning that the materials are for educational and informational purposes only and are not intended for illegal use. A companion repository called BlueTeam-Tools covers the defensive side of the same field.

Because the full list runs to many hundreds of entries across dozens of categories, the README is very long, and only a portion of it was available for this summary.

Copy-paste prompts

Prompt 1
I'm doing an authorized penetration test and need to enumerate subdomains of a target company. Which tools in redteam-tools should I use and what commands do I run?
Prompt 2
I have initial access to a Linux system during a red team engagement. What tools and techniques does redteam-tools list for privilege escalation?
Prompt 3
I'm studying for an OSCP certification and want to practice lateral movement. What tools and methods does redteam-tools reference for that phase?

Verify against the repo before relying on details.