@tbalz2319
Last active March 30, 2024 18:00
Software to Install/Configure on New Red/Blue/Purple Team Kali/Linux Box

Important Software to Install on new Red/Blue/Purple Team Kali Linux VM/Box

Updated 1/11/2019

  1. Bloodhound (AD Security Auditing)
    1. https://github.com/BloodHoundAD/BloodHound
    2. Helps Red/Blue Teams identify potential weaknesses in a given Active Directory environment
  2. Photon (Fast Web Crawler OSINT)
    1. https://github.com/s0md3v/Photon
  3. Gnome-Boxes (VM-Host)
    1. https://wiki.gnome.org/Apps/Boxes
    2. Virtual Machines to Install in Gnome-Boxes
      1. Ubuntu 18.04
      2. CentOS 7.x
      3. Windows 10 Pro (For Reverse Tools)
        1. Flare VM
          1. https://github.com/fireeye/flare-vm
        2. Visual Studio Community or Enterprise
          1. Pre-compile the following Ghost Pack Binaries
            1. SharpUp.exe
              1. Port of PowerUp's privilege escalation checks
            2. Seatbelt.exe
              1. Situational awareness "Safety checks"
            3. SharpRoast.exe
            4. SafetyKatz.exe
            5. SharpWMI.exe
      4. Windows 10 Pro
        1. System to Attack
        2. Test Windows Based exploits
        3. Microsoft Office
  4. GitLab Community Edition
    1. Local software/script/notes repository
  5. GhostPack
    1. https://github.com/GhostPack
    2. C# security-related tools to assist in auditing Windows-based systems
  6. BurpSuite Community or Pro
    1. All BurpSuite Pro Plugins (if possible)
  7. Python: Pseudo-Terminal
    1. http://www.primalsecurity.net/0xb-python-tutorial-pseudo-terminal
    2. python -c 'import pty; pty.spawn("/bin/bash")'
  8. Sparta (latest)
    1. Graphical Interface to multiple security tools
      1. Nmap, nikto, hydra, etc
  9. PowerShell Empire
    1. Windows PowerShell Penetration Testing Tool
  10. SecLists
    1. https://github.com/danielmiessler/SecLists
    2. Lists of common usernames/passwords and payloads for security auditing purposes
  11. Chromium
    1. Secondary web browser to aid in Web Application testing
  12. Text Editors/IDEs
    1. Visual Studio Code
    2. Atom
    3. Vim
  13. Password Auditing Tools
    1. Hydra
      1. Examples/Guides
        1. https://bentrobotlabs.wordpress.com/2018/04/02/web-site-login-brute-forcing-with-hydra/
  14. BRO/Zeek (Network Based IDS)
    1. Useful for parsing PCAPs during Blue team CTFs or engagements
    2. Install Guide:
      1. https://blog.rapid7.com/2017/06/24/how-to-install-and-configure-bro-on-ubuntu-linux/
  15. Python Simple File Upload Capability
    1. https://gist.github.com/UniIsland/3346170
  16. VirtualBox for Linux
    1. Backup Virtual Machine host
  17. Cobalt Strike (Adversary Simulation Tool)
    1. Tool used to simulate various adversary attack vectors to help Blue Teams increase defenses
    2. Allows creation of C2 (Command and Control) on a network
  18. Books to have for reference/searching
    1. Gray Hat C#
    2. Web Application Hacker's Handbook
  19. iTerm2 customization on Mac OS X (may work on Kali)
    1. https://medium.com/swlh/power-up-your-terminal-using-oh-my-zsh-iterm2-c5a03f73a9fb

lundakj commented Mar 30, 2024

Great clue, thx for it.
