{"id":22268810,"url":"https://github.com/anlominus/redteam","last_synced_at":"2025-07-22T01:05:03.450Z","repository":{"id":43645653,"uuid":"496402982","full_name":"AnLoMinus/RedTeam","owner":"AnLoMinus","description":"RedTeam - Red Team Tools","archived":false,"fork":false,"pushed_at":"2022-10-30T08:25:08.000Z","size":991,"stargazers_count":44,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-04T20:51:20.318Z","etag":null,"topics":["checklist","engagement","mission-plan","operation","planning","redteam","resource-plan","rules"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AnLoMinus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-25T22:03:44.000Z","updated_at":"2025-04-04T16:11:04.000Z","dependencies_parsed_at":"2023-01-20T05:16:40.415Z","dependency_job_id":null,"html_url":"https://github.com/AnLoMinus/RedTeam","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/AnLoMinus/RedTeam","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnLoMinus%2FRedTeam","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnLoMinus%2FRedTeam/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnLoMinus%2FRedTeam/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnLoMinus%2FRedTeam/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AnLoMinus","download_url":"https://codeload.github.com/AnLoMinus/RedTeam/tar.gz/refs/heads/main"
,"sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnLoMinus%2FRedTeam/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266405405,"owners_count":23923536,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-21T11:47:31.412Z","response_time":64,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checklist","engagement","mission-plan","operation","planning","redteam","resource-plan","rules"],"created_at":"2024-12-03T11:14:00.488Z","updated_at":"2025-07-22T01:05:03.429Z","avatar_url":"https://github.com/AnLoMinus.png","language":"Shell","readme":"\u003e בס״ד\n\u003cdiv align=\"center\"\u003e\n\n\u003ch2 align=\"center\"\u003e\u003ca href=\"https://github.com/Anlominus\"\u003e⚜️ Aภl๏miuภuຮ ⚜️\u003c/a\u003e\u003c/h2\u003e\n\n\u003cimg align=\"center\" width=\"100\" src=\"https://user-images.githubusercontent.com/51442719/172729066-1293d382-4a31-4f03-8c23-ab0ea5f611a0.png\"\u003e\n\n⫷ [**`HacKingPro`**](https://github.com/Anlominus/HacKingPro) ⫸\n\u003cbr\u003e\n⫷ [**`TryHackMe`**](https://github.com/Anlominus/TryHackMe) | [**`KoTH`**](https://github.com/Anlominus/TryHackMe/tree/main/King%20of%20the%20Hill/KoTH) ⫸ \n\u003cbr\u003e\n⫷ [**`Privilege-Escalation`**](https://github.com/Anlominus/Privilege-Escalation)⫸ \n\u003cbr\u003e\n⫷ [**`ScanPro`**](https://github.com/Anlominus/ScanPro) | [**`Linfo`**](https://github.com/Anlominus/Linfo) | 
[**`Diablo`**](https://github.com/Anlominus/Diablo) ⫸ \n\u003cbr\u003e\n⫷ [**`Offensive-Security`**](https://github.com/Anlominus/Offensive-Security) | [**`PenTest`**](https://github.com/Anlominus/PenTest) ⫸\n\u003cbr\u003e\n⫷ [**`Goals`**](https://github.com/Anlominus/Goals) | [**`Studies`**](https://github.com/Anlominus/Studies) | [**`HacKing`**](https://github.com/Anlominus/HacKing) | [**`AnyTeam`**](https://github.com/Anlominus/AnyTeam) ⫸\n\u003cbr\u003e\n\n\u003c/div\u003e\n  \n---\n  \n\u003cdiv align=\"center\"\u003e\n\n# [RedTeam](https://github.com/Anlominus/RedTeam)\n\n  \u003ca href=\"\"\u003e\u003cbr\u003e\u003cimg title=\"Made in ISRAEL\" src=\"https://img.shields.io/badge/MADE%20IN-ISRAEL-blue?style=for-the-badge\"\u003e\u003c/a\u003e\n\n![image](https://user-images.githubusercontent.com/51442719/170375086-701a2ab3-7421-41d5-a61b-1b28b6018100.png)\n\nRedTeam - Red Team Tools\n\n# RED TEAM DEVELOPMENT CHECKLIST\n\n![image](https://user-images.githubusercontent.com/51442719/177810241-e04a0297-4627-4dcf-adb9-0c8dd2ce239c.png)\n\n![image](https://user-images.githubusercontent.com/51442719/177814174-e571a03f-ed85-4754-96cb-a010300e8b22.png)\n\n**⫷ [MITRE ATT\u0026CK](https://attack.mitre.org/) | [OST Map](https://www.intezer.com/ost-map/) | [ATT\u0026CK Navigator](https://mitre-attack.github.io/attack-navigator/) | [Atomic Red Team](https://atomicredteam.io/) ⫸**\n\n\u003c/div\u003e\n\n- `TTP` - Tactics, Techniques and Procedures\n- `TI` - Threat Intelligence \n- `CTI` - Cyber Threat Intelligence \n- `ISAC` - Information Sharing and Analysis Centers \n\n---\n\n- [ ] 1 Reconnaissance:\n  - No identified TTPs, use internal team methodology\n- [ ] 2 Weaponization:\n  - Command and Scripting Interpreter\n    - PowerShell\n    - Python\n    - VBA\n    - Ruby\n    - Bash\n    - Shell\n  - User executed malicious attachments\n- [ ] 3 Delivery:\n  - Exploit Public-Facing Applications\n  - Spearphishing\n- [ ] 4 Exploitation:\n  - Registry modification\n  - 
Scheduled tasks\n  - Keylogging\n  - Credential dumping\n- [ ] 5 Installation:\n  - Ingress tool transfer\n  - Proxy usage\n- [ ] 6 Command \u0026 Control:\n  - Web protocols (HTTP/HTTPS)\n  - DNS\n  - Actions on Objectives\n  - Exfiltration over C2\n\n---\n\n| Cyber Kill Chain      \t| MITRE ATT\u0026CK                  \t|\n|-----------------------\t|-------------------------------\t|\n| Recon                 \t| Reconnaissance                \t|\n| Weaponization         \t| Execution                     \t|\n| Delivery              \t| Initial Access                \t|\n| Exploitation          \t| Initial Access                \t|\n| Installation          \t| Persistence / Defense Evasion \t|\n| Command \u0026 Control     \t| Command and Control           \t|\n| Actions on Objectives \t| Exfiltration / Impact         \t|\n\n---\n- [ ] Determine required knowledge and skills\n- [ ] Identify and implement alternate methods for bridging knowledge gaps\n- [ ] Develop roles and responsibilities guide\n- [ ] Develop red team methodology\n- [ ] Develop TTP guidance for engagements\n- [ ] Includes Bag of tricks\n- [ ] Develop data collection guide and tools\n- [ ] Develop operational process plan\n- [ ] Develop communication plan template\n- [ ] Develop ROE template:  [Rules of Engagement (RoE)](#rules-of-engagement-roe)\n- [ ] Develop technical briefing template\n- [ ] Develop report template: [Diablo](https://github.com/Anlominus/Diablo)\n\n# Concept of Operation (CONOPS)\n### There is no set standard for a CONOPS document; \n#### Below is an outline of critical components that should be included in a CONOPS\n  - [ ] Client Name\n  - [ ] Service Provider\n  - [ ] Timeframe\n  - [ ] General Objectives/Phases\n  - [ ] Other Training Objectives (Exfiltration)\n  - [ ] High-Level Tools/Techniques planned to be used\n  - [ ] Threat group to emulate (if any)\n\n# Resource Plan\n- Header\n  - [ ] Personnel writing\n  - [ ] Dates\n  - [ ] Customer\n- Engagement Dates\n  - [ 
] Reconnaissance Dates\n  - [ ] Initial Compromise Dates\n  - [ ] Post-Exploitation and Persistence Dates\n  - [ ] Misc. Dates\n- Knowledge Required (optional)\n  - [ ] Reconnaissance\n  - [ ] Initial Compromise\n  - [ ] Post-Exploitation\n- Resource Requirements\n  - [ ] Personnel\n  - [ ] Hardware\n  - [ ] Cloud\n  - [ ] Misc.\n\n# Mission Plan\n- [ ] Objectives:\n- [ ] Operators\n- [ ] Exploits/Attacks\n- [ ] Targets \n  - [ ] Users:\n  - [ ] Machines:\n  - [ ] Objectives:\n- [ ] Execution plan variations\n\n\n# PLANNING - RED TEAM ENGAGEMENT CHECKLIST\n- [ ] Engagement Planning\n  - [ ] ROE\n    - [ ] Event Communication plan\n    - [ ] Distribute Deconfliction Process\n    - [ ] Entry point/method\n    - [ ] Scope\n    - [ ] Goals/Objectives (should address at least one of the following)\n      - [ ] Protect\n      - [ ] Detect\n      - [ ] Respond\n      - [ ] Restore\n    - [ ] Target Restrictions\n    - [ ] Target Infrastructure / Asset verification / Approvals\n  - [ ] Scenario Development\n  - [ ] Operational Impact planning\n- [ ] Develop threat profiles\n  - [ ] Network and Host Activity\n  - [ ] IOC Generation (incl. subsequent analysis) and Management\n- [ ] Plan threat infrastructure\n  - [ ] Tier 1\n    - [ ] IPs\n    - [ ] Systems\n    - [ ] Redirectors\n    - [ ] PPS\n  - [ ] Tier 2\n    - [ ] IPs\n    - [ ] Systems\n    - [ ] Redirectors\n    - [ ] PPS\n  - [ ] Tier 3\n    - [ ] IPs\n    - [ ] Systems\n    - [ ] Redirectors\n    - [ ] PPS\n  - [ ] Deploy tools to infrastructure\n- [ ] Data collection repository\n\n\n## RED TEAM ENGAGEMENT GOAL PLANNING\n### COMMON GOALS: MEASURE AND OBSERVE ...\n- A THREAT’S ABILITY TO ACCESS COMMON AND RESTRICTED AREAS (PHYSICAL)\n  - What ability does a threat have to access common areas?\n  - What ability does a threat have to access restricted areas?\n  - Can a threat use access gained to enable cyber capabilities?\n  - What impacts can a threat have through gained access?\n\n- A THREAT’S ABILITY TO ACCESS 
KEY/CRITICAL SYSTEMS\n  - Can a threat access key/critical systems?\n  - What impacts can a threat have on key/critical systems?\n\n- A THREAT’S ABILITY TO MOVE FREELY THROUGHOUT A NETWORK\n  - What ability does a threat have to freely move throughout a network?\n\n- A THREAT’S ABILITY TO GAIN DOMAIN WIDE AND LOCAL ADMINISTRATIVE ACCESS?\n  - What ability does a threat have to gain local administrative access?\n  - What ability does a threat have to gain domain administrative access?\n  - What ability does a threat have to gain elevated access?\n\n- A THREAT’S ABILITY TO ACCESS OR IDENTIFY SENSITIVE INFORMATION\n  - What ability does a threat have to access sensitive information?\n  - What ability does a threat have to identify sensitive information?\n\n- A THREAT’S ABILITY TO EXFILTRATE DATA OUTSIDE AN ORGANIZATION\n  - What ability does a threat have to exfiltrate data outside an organization?\n  - How much data must be exfiltrated to impact an organization?\n\n- A THREAT’S ABILITY TO ACT UNDETECTED FOR A GIVEN TIME FRAME\n  - How long can a threat go undetected?\n  - Can a threat achieve its goals undetected?\n  - What must a threat do to stimulate a reaction from an organization?\n\n- A THREAT’S ABILITY TO PERFORM OPERATIONAL IMPACTS\n  - What impacts can a threat perform against an organization?\n  - How can a threat affect X?\n\n---\n\n# Rules of Engagement (RoE)\n- Rules of Engagement\n  - Executive Summary\t\n    - Overarching summary of all contents and authorization within RoE document\n  - Purpose\n    - Defines why the RoE document is used\n  - References\t\n    - Any references used throughout the RoE document (HIPAA, ISO, etc.)\n  - Scope\n    - Statement of the agreement to restrictions and guidelines\n  - Definitions \n    - Definitions of technical terms used throughout the RoE document\n  - Rules of Engagement and Support Agreement\t\n    - Defines obligations of both parties and general technical expectations of engagement conduct\n  - 
Provisions\t\n    - Define exceptions and additional information from the Rules of Engagement\n  - Requirements, Restrictions, and Authority \n    - Define specific expectations of the red team cell\n  - Ground Rules\n    - Define limitations of the red team cell's interactions\n  - Resolution of Issues/Points of Contact\n    - Contains all essential personnel involved in an engagement\n  - Authorization\n    - Statement of authorization for the engagement\n  - Approval \n    - Signatures from both parties approving all subsections of the preceding document\n  - Appendix\n    - Any further information from preceding subsections\t\n\n---\n\n \u003cdiv align=\"center\"\u003e\n\n\n# Campaign planning \n### The campaign summary we will be using consists of four different plans varying in depth and coverage, adapted from military operations documents.\n\nType of Plan\t| Explanation of Plan |\tPlan Contents\n---|---|---\nEngagement Plan |\tAn overarching description of technical requirements of the red team. | CONOPS, Resource and Personnel Requirements, Timelines\nOperations Plan\t| An expansion of the Engagement Plan. Goes further into specifics of each detail. | Operators, Known Information, Responsibilities, etc.\nMission Plan |\tThe exact commands to run and execution time of the engagement. | Commands to run, Time Objectives, Responsible Operator, etc.\nRemediation Plan |\tDefines how the engagement will proceed after the campaign is finished. 
| Report, Remediation consultation, etc.\n\n### Engagement Plan:\n\nComponent\t| Purpose\n---|---\nCONOPS (Concept of Operations) | Non-technically written overview of how the red team meets client objectives and targets the client.\nResource plan | Includes timelines and information required for the red team to be successful—any resource requirements: personnel, hardware, cloud requirements.\n\n### Operations Plan:\n\nComponent\t| Purpose\n---|---\nPersonnel  | Information on employee requirements.\nStopping conditions | How and why should the red team stop during the engagement.\nRoE (optional) | -\nTechnical requirements | What knowledge will the red team need to be successful.\n\n### Mission Plan:\n\nComponent\t| Purpose\n---|---\nCommand playbooks (optional) | Exact commands and tools to run, including when, why, and how. Commonly seen in larger teams with many operators at varying skill levels.\nExecution times | Times to begin stages of engagement. Can optionally include exact times to execute tools and commands.\nResponsibilities/roles | Who does what, when.\n\n### Remediation Plan (optional):\n\nComponent\t| Purpose\n---|---\nReport | Summary of engagement details and report of findings.\nRemediation/consultation | How will the client remediate findings? 
It can be included in the report or discussed in a meeting between the client and the red team.\n\n\u003c/div\u003e\n\n---\n\n- TryHackMe: [Red Team Engagements](https://tryhackme.com/room/redteamengagements): \n  - Learn the steps and procedures of a red team engagement, including planning, frameworks, and documentation.\n- [Red Teaming Toolkit](https://reconshell.com/red-teaming-toolkit/)  \n\n---\n\n![Alt](https://repobeats.axiom.co/api/embed/fd78a1ef4e01d34a2cb9c01a0b0eba5de00d556d.svg \"Repobeats analytics image\")\n\n---\n\n# Tools\n## [Shr3dKit](https://github.com/shr3ddersec/Shr3dKit) Red Team Tool Kit\n\u003e ![image](https://user-images.githubusercontent.com/51442719/174849801-19d7b9fd-6c34-4d73-84f1-9707cf639cfb.png)\n\u003e ### This tool kit is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.\n\u003e #### NOTE: hard coded in /opt and made for Kali Linux\n\u003e - #### Total Size (so far): 2.5+Gb\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanlominus%2Fredteam","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanlominus%2Fredteam","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanlominus%2Fredteam/lists"}