Infrastructure (phishing, C2, redirector)

DLS 2024 - RedTeam Fails - “Oops my bad I ruined the operation”Swissky’s adventures into InfoSec World !

Living Off Trusted Sites

LOTS Project - Living Off Trusted Sites

Phishing

Social Engineering | Red Team Guides

Top Phishing TechniquesRedTeamRecipe

Easy Phishing Infrastructure Setup for Red TeamingPayatu

Tools

Gophish - Open Source Phishing Framework

GitHub - htr-tech/zphisher: An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !GitHub

GitHub - trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.GitHub

GitHub - fin3ss3g0d/evilgophish: evilginx2 + gophishGitHub

GitHub - rsmusllp/king-phisher: Phishing Campaign ToolkitGitHub

Ansible:

GitHub - VirtualSamuraii/flyphish: Deploy a phishing infrastructure on the fly.GitHub

Remove IoC from Gophish

GitHub - puzzlepeaches/sneaky_gophish: Hiding GoPhish from the boys in blueGitHub

Users emails

Social Media

Email reputation:

https://emailrep.io/emailrep.io

Valid emails

GitHub - 0xhav0c/valid-email-scanner: Valid Email Address ScannerGitHub

Template to use

GitHub - simplerhacking/Evilginx3-Phishlets: This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3.GitHub

GitHub - BiZken/PhishMailer: Generate Professional Phishing Emails Fast And EasyGitHub

https://x.com/nullenc0de/status/1848361811881435474

GitHub - nullenc0de/servicelens: ServiceLens is a Python tool for analyzing services linked to Microsoft 365 domains. It scans DNS records like SPF and DMARC to identify services, categorizing them into Email, Cloud, Security, and more.GitHub

Generate Typo Squatting

GitHub - urbanadventurer/urlcrazy: Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.GitHub

Check the availability and responsiveness of domains

GitHub - murat-exp/Domain-Checker-Tool: A high-performance Go-based tool for checking the availability and responsiveness of domains, utilizing both HTTP requests and browser automation for comprehensive analysis.GitHub

Recaptcha Phish

GitHub - JohnHammond/recaptcha-phish: Phishing with a fake reCAPTCHAGitHub

OAuth / QR code phishing

GitHub - secureworks/squarephishGitHub

Offensive VBA

GitHub - S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documentsGitHub

C2

C2

The C2 MatrixC2 Matrix

Redirector

Redirectors: A Red Teamer’s IntroductionOptiv

GitHub - D00Movenok/BounceBack: ↕️🤫 Stealth redirector for your red team operation securityGitHub

Resilient Infrastructure

GitHub - bluscreenofjeff/Red-Team-Infrastructure-Wiki: Wiki to collect Red Team infrastructure hardening resourcesGitHub

Automating Red Team Infrastructure with Terraform | Red Team Notes

GitHub - 0xS2V2/marsform: terraform deployment for red teamGitHub

Building a Red Team Infrastructure in 2023sse_gmbh

GitHub - SecuraBV/RedWizardGitHub

AWS