PurpleTeam
June 5, 2022 · View on GitHub
PurpleTeam - Tools and more..
Emergency Response Tool
| Project Description | project address | project name |
|---|---|---|
| Automatic and comprehensive detection script of the host-side Checklist | https://github.com/grayddq/GScan | Gscan |
| Practical notes on emergency response, self-cultivation of a safety engineer | https://github.com/Bypass007/Emergency-Response-Notes | Bypass007 |
| Linux information collection/emergency response/common backdoor/mining detection/webshell detection script | https://github.com/al0ne/LinuxCheck | LinuxCheck |
| APT-Hunter Windows log event emergency tool | https://github.com/ahmedkhlief/APT-Hunter | APT-Hunter |
| uroboros – A GNU/Linux monitoring and profiling tool that focuses on a single process | https://github.com/evilsocket/uroboros | uroboros |
| A powerful emergency response tool under whohk linux | https://github.com/heikanet/whohk | whohk |
| Malwoverview is a first responder tool for threat hunting | https://github.com/alexandreborges/malwoverview | malwoverview |
| Attack Surface Analyzer can help you analyze the security configuration of your operating system | https://github.com/Microsoft/AttackSurfaceAnalyzer | AttackSurfaceAnalyzer |
| A tool for real-time detection of malicious web traffic based on IP reputation information | https://github.com/CRED-CLUB/ARTIF | ARTIF |
| Rootkit Hunter Rootkit Hunter | http://rkhunter.sourceforge.net/ | Rootkit |
| SHELPUB.COM focuses on killing hippo webshell killing | https://www.shellpub.com/ | hippo webshell |
| Fire Kylin-Network Security Emergency Response Tool (System Trace Collection) | https://github.com/MountCloud/FireKylin | FireKylin |
| Log analysis library, another usage of nuclei | https://github.com/ffffffff0x/LOG-HUB | LOG-HUB |
Tunnel proxy tool
| Project Description | project address | project name |
|---|---|---|
| A full-platform proxy tool that supports a variety of socks protocols | https://www.proxifier.com/ | proxifier |
| High-performance reverse proxy application focusing on intranet penetration | https://github.com/fatedier/frp | frp |
| Lightweight, high-performance, powerful intranet penetration proxy server | https://github.com/ehang-io/nps | nps |
| Improved reGeorg version | https://github.com/L-codes/Neo-reGeorg | Neo-reGeorg |
| It is a tool that uses the dns protocol to transmit tcp data | https://github.com/alex-sector/dns2tcp | dns2tcp |
| is a DNS tunneling tool | https://github.com/iagox86/dnscat2 | dnscat2 |
| Intranet penetration proxy, port forwarding tool | http://rootkiter.com/Termite/ | Termite |
| A simple reverse ICMP shell | https://github.com/inquisb/icmpsh | icmpsh |
| Forward/reverse proxy, intranet penetration, port forwarding | https://github.com/inconshreveable/ngrok | skirt |
| Pingtunnel is a tool for forwarding tcp/udp/sock5 traffic disguised as icmp traffic | https://github.com/esrrhs/pingtunnel | ping tunnel |
| pystinger – An out-of-network tool that uses webshell for traffic forwarding | https://github.com/FunnyWolf/pystinger | pystinger |
| goproxy is a lightweight, powerful, high-performance proxy tool | https://github.com/snail007/goproxy | goproxy |
| A tool that can perform reverse proxy and cs online without going online | https://github.com/Daybr4ak/C2ReverseProxy | C2ReverseProxy |
Lateral movement tool
| Project Description | project address | project name |
|---|---|---|
| Mimikatz Windows Password Grabber | https://github.com/gentilkiwi/mimikatz | mimikatz |
| sharpwmi rpc-based lateral movement tool with upload and execute command functions | https://github.com/QAX-A-Team/sharpwmi | sharpwmi |
| File download command is generated quickly | https://forum.ywhack.com/bountytips.php?download | shortcut command |
| One-click generation of rebound shell commands | https://forum.ywhack.com/shell.php | bounce shell |
| ATT&CK Lateral Movement Summary Tips | https://attack.mitre.org/tactics/TA0008/ | attack |
| Pass hash to named pipe for token impersonation | https://github.com/S3cur3Th1sSh1t/NamedPipePTH | NamedPipePTH |
| Common lateral movement and domain control authority maintenance methods | https://xz.aliyun.com/t/9382 | Methodology |
Password Extraction Tool
| Project Description | project address | project name |
|---|---|---|
| Various password extraction | https://github.com/kerbyj/goLazagne | goLazagne |
| Used to read common program passwords, such as Navicat, TeamViewer, FileZilla, WinSCP, etc. | https://github.com/RowTeam/SharpDecryptPwd | SharpDecryptPwd |
| Xshell, Xftp password decryption tool | https://github.com/JDArmy/SharpXDecrypt | SharpXDecrypt |
| An export tool for decrypting browser data (password|history|cookie|bookmark|credit card|download record), supporting mainstream browsers on all platforms. | https://github.com/moonD4rk/HackBrowserData/ | HackBrowserData |
| An identification code and verification code extraction tool for sunflower | https://github.com/wafinfo/Sunflower_get_Password | Sunflower_get_Password |
| One-click CobaltStrike script to assist in grabbing 360 secure browser passwords and decryption gadgets | https://github.com/hayasec/360SafeBrowsergetpass | 360SafeBrowsergetpass |
| BrowserGhost tool to grab browser passwords | https://github.com/QAX-A-Team/BrowserGhost | BrowserGhost |
| win-brute-logon cracks any Microsoft Windows user password without permission | https://github.com/DarkCoderSc/win-brute-logon | win-brute-logon |
| TeamViewer: Bypass anti-software tool to obtain Teamview password | https://github.com/wafinfo/TeamViewer | TeamViewer |
| Xdecrypt Xshell Xftp password decryption | https://github.com/dzxs/Xdecrypt | Xdecrypt |