explaingit

infosecn1nja/red-teaming-toolkit

10,319 Audience · developer Complexity · 1/5 Setup · easy

TLDR

A curated reference list of open-source security tools organized by attack phase, such as reconnaissance, initial access, persistence, and exfiltration, for penetration testers and red teamers.

Mindmap

mindmap
  root((red-teaming-toolkit))
    What It Is
      Curated tool list
      No original code
    Attack Phases
      Reconnaissance
      Initial Access
      Privilege Escalation
      Lateral Movement
    Tool Categories
      Credential Dumping
      Defense Evasion
      Persistence
      Exfiltration
    Audience
      Red Teamers
      Pen Testers
      Threat Hunters

Things people build with this

USE CASE 1

Find reconnaissance tools to discover subdomains and map attack surfaces during an authorized penetration test.

USE CASE 2

Look up credential dumping tools for a red team engagement to understand what attackers might use against your systems.

USE CASE 3

Research defense evasion techniques to build better detection rules for your security operations center.

USE CASE 4

Identify lateral movement tools to understand attacker playbooks when creating a threat model for a corporate network.

Getting it running

Difficulty · easy Time to first run · 5min

In plain English

Red Teaming Toolkit is a curated list of open-source security tools organized for people who conduct adversary simulations, penetration tests, or threat hunting exercises. A red teamer is someone hired by a company to attack its own systems in order to find weaknesses before real attackers do. This repository does not contain original code; it is a reference directory that collects and categorizes existing tools from across the security community.

The tools are grouped by the phase of an attack they relate to. Reconnaissance covers tools for mapping targets, discovering subdomains, scanning for exposed cloud storage, and gathering intelligence from sources like LinkedIn. Initial access covers tools for testing password spraying, generating malicious payloads, and finding ways into systems. Subsequent categories cover situational awareness (understanding the environment once inside), credential dumping (extracting passwords or tokens), privilege escalation (gaining higher-level access), defense evasion (avoiding detection), persistence (maintaining access), lateral movement (moving between systems), and exfiltration (getting data out).

Each entry in the list includes a tool name, a brief description of what it does, and a link to its GitHub repository. The descriptions are short, typically one or two sentences, so this is more of a starting point for research than a deep guide to any individual tool. The README notes that the tools listed here could be misused by malicious actors, and the intent is to support legitimate security professionals and threat hunters who use the same techniques defensively. The project accepts contributions via pull requests. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
I'm starting an authorized red team engagement. List the best recon tools from infosecn1nja/red-teaming-toolkit for subdomain discovery and cloud storage enumeration, and explain when to use each.
Prompt 2
Using the red-teaming-toolkit as reference, help me build a threat model covering initial access, lateral movement, and exfiltration for a mid-size corporate network.
Prompt 3
I'm a defender building detection rules. For each attack phase in red-teaming-toolkit (recon, initial access, privilege escalation), suggest a Sigma rule or log source that would catch the listed tools.
Prompt 4
Pick a tool from the red-teaming-toolkit's persistence category and explain step-by-step how a defender would detect and remove it from a compromised Windows host.

Verify against the repo before relying on details.