Red Siege, a well-known cybersecurity firm, has developed and released a range of open-source tools that can greatly assist in penetration testing activities. These tools have proven to be invaluable in identifying vulnerabilities and potential security risks.
The company, which is committed to continually supporting and enhancing its tools, is offering them for free on GitHub. This move aims to make these tools accessible to a wider audience and to encourage collaboration within the cybersecurity community.
Chris Truncer, the Senior Security Consultant and Director of Training at Red Siege, expressed his passion for coding and the satisfaction he derives from seeing his creations in action. He explained that he creates these software tools as a way to fill certain software gaps and hopes that others can benefit from them as he has.
One of the tools developed by Red Siege, called AutoFunkt, is a Python script that automates the creation of serverless cloud redirectors using Cobalt Strike malleable C2 profiles. This tool simplifies the process and saves valuable time for penetration testers.
C2concealer is another tool offered by Red Siege. It is a command-line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Randomizing the profile varies the C2 traffic's observable characteristics, making it more difficult to detect and analyze with signatures written for known profiles.
DigDug, another tool developed by Red Siege, focuses on adding dictionary words to an executable file repeatedly until the desired size is achieved. This tool helps evade detection by certain antivirus and endpoint detection and response (EDR) engines that inspect executables for signs of null byte padding or measure entropy.
DumpCake, created by Brandon Scholet, dumps password authentication attempts to the SSH daemon. It captures attempted passwords and connection logs for analysis. This tool can be effective in monitoring and detecting unauthorized access attempts.
EyeWitness, another popular tool developed by Red Siege, takes screenshots of websites, collects server header information, and identifies default credentials if possible. It is widely used by penetration testers to triage numerous websites efficiently.
Enumerate Domain Data (EDD) is a tool designed to be similar to PowerView, but in .NET. PowerView is considered the ultimate domain enumeration tool, and EDD combines various functionalities from existing projects to provide a comprehensive domain enumeration solution.
GPPDeception, developed by Red Siege, generates a groups.xml file that mimics a real Group Policy Preferences (GPP) file. This simulated file can be used as a honeyfile by blue teams to detect pen testers or malicious actors scanning for GPP files containing usernames and encrypted passwords for lateral movement.
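As an added illustration of the honeyfile idea described above (example code written for this page, not GPPDeception's own implementation), the script below builds a decoy groups.xml in the layout real GPP files use and includes a helper that lists the userName/cpassword pairs a scanner would pick out of it. The decoy user name and the cpassword value are constructed: the cpassword is a random base64 blob of the right length, not a real GPP-encrypted value, and the surrounding attribute set is assumed from typical GPP output.

```python
"""Build a decoy Group Policy Preferences groups.xml to use as a honeyfile."""
import base64
import os
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime
from typing import List, Optional, Tuple

# CLSIDs as they appear in real GPP Groups.xml files.
GROUPS_CLSID = "{3125E937-EB16-4b4c-9934-544FC6D24D26}"
USER_CLSID = "{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}"


def fake_cpassword() -> str:
    """Shape-only stand-in for a GPP cpassword (constructed, not encrypted).
    Real values are AES output, base64-encoded with the '=' padding stripped,
    so 32 random bytes yield the same 43-character form."""
    return base64.b64encode(os.urandom(32)).decode().rstrip("=")


def build_decoy_groups_xml(decoy_user: str, changed: Optional[datetime] = None) -> str:
    """Return a groups.xml document that looks like a local-user GPP entry."""
    stamp = (changed or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    root = ET.Element("Groups", clsid=GROUPS_CLSID)
    user = ET.SubElement(
        root, "User", clsid=USER_CLSID, name=decoy_user, image="2",
        changed=stamp, uid="{" + str(uuid.uuid4()).upper() + "}",
    )
    # Attribute set assumed from typical GPP "update local user" output.
    ET.SubElement(
        user, "Properties", action="U", newName="", fullName="", description="",
        cpassword=fake_cpassword(), changeLogon="0", noChange="1",
        neverExpires="1", acctDisabled="0", userName=decoy_user,
    )
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode")


def cpassword_entries(xml_text: str) -> List[Tuple[str, str]]:
    """List (userName, cpassword) pairs in a GPP XML document. Useful both to
    confirm the decoy exposes what scanners look for and to audit SYSVOL for
    real leftover credentials."""
    root = ET.fromstring(xml_text)
    return [(p.get("userName", ""), p.get("cpassword", ""))
            for p in root.iter("Properties") if p.get("cpassword")]


if __name__ == "__main__":
    decoy = build_decoy_groups_xml("svc_backup_decoy")  # constructed decoy name
    print(decoy)
    print(cpassword_entries(decoy))
```

Drop the generated file into the SYSVOL path an attacker would enumerate and audit reads of it; the honeyfile only pays off if access to it is logged and alerted on.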
Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It helps find relationships between systems within a large dataset, providing valuable intelligence information for cybersecurity professionals.
ProxmarkWrapper is a wrapper around the Proxmark3 client that alerts users via text or email if an RFID card is captured. This tool enhances RFID card security and helps identify potential threats.
Wappybird is a multithreaded Wappalyzer CLI (command-line interface) tool that identifies web technologies used by websites. It provides an optional CSV output and can save scraped data in subfolders for each host.
WMImplant is a PowerShell-based tool developed by Red Siege. It leverages Windows Management Instrumentation (WMI) to perform various actions on targeted machines, acting as the C2 (command-and-control) channel for issuing commands and receiving results. This tool requires local administrator permissions on the targeted machine.
WMIOps is a PowerShell script that uses WMI to perform actions on hosts within a Windows environment. It is primarily designed for use in penetration tests or red team engagements.
Red Siege’s commitment to developing and maintaining these open-source tools demonstrates its dedication to advancing the field of cybersecurity and supporting the wider community. Penetration testers and security professionals can greatly benefit from these tools, improving their efficiency and effectiveness in identifying and mitigating security risks.