Share
## https://sploitus.com/exploit?id=86A8C314-EBCC-5D85-9D5C-608998FC764F
# RED-TEAM-TOOL-KIT
# **RED TEAMING TOOLKIT COMPLETO 2025-2026**
**Herramientas Absolutamente Completas para Operaciones Ofensivas**
---
## **TABLA MEGA COMPLETA DE HERRAMIENTAS RED TEAM 2025-2026**
### **FASE 1: PLANNING & OBJECTIVES**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Ghostwriter** | Plataforma | https://github.com/GhostManager/Ghostwriter | Gesti贸n completa de operaciones, reportes | Avanzado |
| **VECTR** | Plataforma | https://github.com/SecurityRiskAdvisors/VECTR | Tracking de TTPs, purple teaming | Intermedio |
| **PurpleOps** | Plataforma | https://github.com/CyberCX-STA/PurpleOps | Gesti贸n de ejercicios purple team | Intermedio |
| **Caldera** | Framework | https://github.com/mitre/caldera | Emulaci贸n de adversarios automatizada | Avanzado |
| **Tidal Cyber** | SaaS | https://app.tidalcyber.com | Threat-informed defense planning | Profesional |
| **Control Validation Compass** | Web | https://controlcompass.github.io | Mapeo de controles vs t茅cnicas | Avanzado |
| **Prelude Operator** | Plataforma | https://www.preludesecurity.com/products/operator | Emulaci贸n adversarial automatizada | Profesional |
| **Prelude Build** | IDE | https://www.preludesecurity.com/products/build | Desarrollo de tests de seguridad | Avanzado |
| **Atomic Red Team** | Framework | https://github.com/redcanaryco/atomic-red-team | Tests at贸micos de detecci贸n | Intermedio |
| **Red Team Automation (RTA)** | Scripts | https://github.com/endgameinc/RTA | Tests de detecci贸n basados en MITRE | Intermedio |
| **TTPForge** | Framework | https://github.com/facebookincubator/TTPForge | Framework para desarrollo de TTPs | Avanzado |
| **ATT&CK Navigator** | Web | https://mitre-attack.github.io/attack-navigator/ | Mapeo visual de t茅cnicas MITRE | B谩sico |
| **Dradis Framework** | Plataforma | https://dradisframework.com | Gesti贸n de proyectos de seguridad | Intermedio |
| **Serpico** | Reportes | https://github.com/SerpicoProject/Serpico | Generaci贸n de reportes pentest | Intermedio |
---
### **FASE 2: RECONNAISSANCE (OSINT)**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Amass** | CLI | https://github.com/OWASP/Amass | Enumeraci贸n de superficie de ataque | Avanzado |
| **SpiderFoot** | Web/CLI | https://github.com/smicallef/spiderfoot | OSINT automation completo | Intermedio |
| **BBOT** | CLI | https://github.com/blacklanternsecurity/bbot | Escaneo recursivo de internet | Avanzado |
| **Recon-ng** | Framework | https://github.com/lanmaster53/recon-ng | Framework OSINT modular | Intermedio |
| **Cloud_enum** | CLI | https://github.com/initstring/cloud_enum | OSINT multi-nube | Intermedio |
| **Pagodo** | CLI | https://github.com/opsdisk/pagodo | Google Dorks automatizado | B谩sico |
| **LinkedInt** | CLI | https://github.com/vysecurity/LinkedInt | Reconocimiento LinkedIn | Intermedio |
| **Gitleaks** | CLI | https://github.com/zricethezav/gitleaks | Detecci贸n de secrets en Git | Intermedio |
| **TruffleHog** | CLI | https://github.com/trufflesecurity/trufflehog | B煤squeda de secrets en repos | Avanzado |
| **S3Scanner** | CLI | https://github.com/sa7mon/S3Scanner | Escaneo de buckets S3 p煤blicos | Intermedio |
| **GitDorker** | CLI | https://github.com/obheda12/GitDorker | GitHub dorking automatizado | Intermedio |
| **theHarvester** | CLI | https://github.com/laramies/theHarvester | Harvesting de emails/subdominios | B谩sico |
| **Hunter.io** | Web | https://hunter.io | B煤squeda de emails corporativos | B谩sico |
| **PhoneInfoga** | CLI | https://github.com/sundowndev/phoneinfoga | OSINT de n煤meros telef贸nicos | Intermedio |
| **Sherlock** | CLI | https://github.com/sherlock-project/sherlock | B煤squeda de usuarios en redes | B谩sico |
| **Maigret** | CLI | https://github.com/soxoj/maigret | OSINT de usernames masivo | Intermedio |
| **Social-Analyzer** | CLI | https://github.com/qeeqbox/social-analyzer | An谩lisis de redes sociales | Intermedio |
| **Holehe** | CLI | https://github.com/megadose/holehe | Verificaci贸n de emails en sitios | Intermedio |
| **sn0int** | Framework | https://github.com/kpcyrd/sn0int | OSINT semi-automatizado | Avanzado |
| **Darkdump** | CLI | https://github.com/josh0xA/darkdump | B煤squeda en la dark web | Avanzado |
| **CrossLinked** | CLI | https://github.com/m8r0wn/crosslinked | LinkedIn scraping avanzado | Avanzado |
| **GHunt** | CLI | https://github.com/mxrch/GHunt | OSINT de cuentas Google | Intermedio |
| **WhatsMyName** | Web/API | https://whatsmyname.app/ | Verificaci贸n de usernames | B谩sico |
| **DeHashed** | Web | https://www.dehashed.com/ | B煤squeda de credenciales filtradas | Intermedio |
| **IntelX** | Web | https://intelx.io/ | Buscador de inteligencia | Profesional |
| **Gato** | CLI | https://github.com/praetorian-inc/gato | Toolkit de ataque GitHub | Avanzado |
| **AttackSurfaceMapper** | CLI | https://github.com/superhedgy/AttackSurfaceMapper | Automatizaci贸n de reconnaissance | Intermedio |
| **WitnessMe** | CLI | https://github.com/byt3bl33d3r/WitnessMe | Inventario web con screenshots | Intermedio |
| **spoofcheck** | CLI | https://github.com/BishopFox/spoofcheck | Verificaci贸n de spoofing de dominio | Intermedio |
| **dnscan** | CLI | https://github.com/rbsec/dnscan | Brute force de subdominios DNS | B谩sico |
---
### **FASE 3: SCANNING & ENUMERATION**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **RustScan** | CLI | https://github.com/RustScan/RustScan | Escaneo de puertos ultra r谩pido | Intermedio |
| **Nmap** | CLI | https://nmap.org/ | Escaneo de red completo | B谩sico |
| **Naabu** | CLI | https://github.com/projectdiscovery/naabu | Escaneo de puertos silencioso | Intermedio |
| **Masscan** | CLI | https://github.com/robertdavidgraham/masscan | Escaneo masivo de internet | Avanzado |
| **Httpx** | CLI | https://github.com/projectdiscovery/httpx | Probador HTTP avanzado | Intermedio |
| **Nuclei** | CLI | https://github.com/projectdiscovery/nuclei | Escaneo de vulnerabilidades | Intermedio |
| **Wappalyzer** | Extensi贸n | https://www.wappalyzer.com/ | Fingerprinting de tecnolog铆as | B谩sico |
| **WhatWeb** | CLI | https://github.com/urbanadventurer/WhatWeb | Identificaci贸n de tecnolog铆as web | B谩sico |
| **Gobuster** | CLI | https://github.com/OJ/gobuster | Directory/DB bruteforcing | B谩sico |
| **FFUF** | CLI | https://github.com/ffuf/ffuf | Fuzzing web r谩pido | Intermedio |
| **Dirsearch** | CLI | https://github.com/maurosoria/dirsearch | Directory bruteforcing | B谩sico |
| **Nikto** | CLI | https://github.com/sullo/nikto | Esc谩ner web de vulnerabilidades | B谩sico |
| **WafW00f** | CLI | https://github.com/EnableSecurity/wafw00f | Detecci贸n de WAF | Intermedio |
| **identYwaf** | CLI | https://github.com/stamparm/identYwaf | Identificaci贸n de WAF | Intermedio |
| **SSLyze** | CLI | https://github.com/nabla-c0d3/sslyze | An谩lisis SSL/TLS | Intermedio |
| **testssl.sh** | CLI | https://github.com/drwetter/testssl.sh | Testing SSL completo | Intermedio |
| **EyeWitness** | CLI | https://github.com/FortyNorthSecurity/EyeWitness | Captura de pantallas web | Intermedio |
| **Aquatone** | CLI | https://github.com/michenriksen/aquatone | Reconocimiento visual de dominios | Intermedio |
| **Subfinder** | CLI | https://github.com/projectdiscovery/subfinder | Descubrimiento de subdominios | Intermedio |
| **Assetfinder** | CLI | https://github.com/tomnomnom/assetfinder | Encuentra dominios y subdominios | B谩sico |
| **Findomain** | CLI | https://github.com/Findomain/Findomain | Enumeraci贸n de dominios r谩pida | Intermedio |
| **OneForAll** | CLI | https://github.com/shmilylty/OneForAll | Enumeraci贸n de subdominios | Avanzado |
| **Shodan CLI** | CLI | https://cli.shodan.io/ | Consultas a Shodan | Intermedio |
| **Censys CLI** | CLI | https://github.com/censys/censys-python | Consultas a Censys | Intermedio |
| **DNSRecon** | CLI | https://github.com/darkoperator/dnsrecon | Enumeraci贸n DNS avanzada | Intermedio |
| **DNSEnum** | CLI | https://github.com/fwaeytens/dnsenum | Enumeraci贸n DNS | B谩sico |
| **Fierce** | CLI | https://github.com/mschwager/fierce | DNS reconnaissance | B谩sico |
| **Sublist3r** | CLI | https://github.com/aboul3la/Sublist3r | Enumeraci贸n de subdominios | B谩sico |
| **Knock** | CLI | https://github.com/guelfoweb/knock | Enumeraci贸n de subdominios | B谩sico |
| **AltDNS** | CLI | https://github.com/infosec-au/altdns | Generaci贸n de permutaciones DNS | Intermedio |
| **MassDNS** | CLI | https://github.com/blechschmidt/massdns | DNS stub resolver de alto rendimiento | Avanzado |
| **dnsx** | CLI | https://github.com/projectdiscovery/dnsx | Toolkit DNS | Intermedio |
| **puredns** | CLI | https://github.com/d3mondev/puredns | Resoluci贸n DNS masiva | Avanzado |
| **Scanner-Cli** | CLI | https://github.com/basecamp/trix | Escaneo de repositorios | Intermedio |
---
### **FASE 4: GAINING INITIAL ACCESS**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Evilginx2** | Framework | https://github.com/kgretzky/evilginx2 | Phishing avanzado MITM | Avanzado |
| **Gophish** | Plataforma | https://github.com/gophish/gophish | Plataforma de phishing | Intermedio |
| **Modlishka** | Proxy | https://github.com/drk1wi/Modlishka | Reverse proxy para phishing | Avanzado |
| **ScareCrow** | Payloader | https://github.com/optiv/ScareCrow | Generaci贸n de payloads evasivos | Avanzado |
| **Inceptor** | Framework | https://github.com/klezVirus/inceptor | Template-driven AV evasion | Avanzado |
| **Freeze** | Payloader | https://github.com/optiv/Freeze | Loader con syscalls directos | Avanzado |
| **Donut** | Generator | https://github.com/TheWover/donut | Shellcode generator | Intermedio |
| **Ivy** | Payloader | https://github.com/optiv/Ivy | Payload creation framework | Avanzado |
| **PEzor** | Packer | https://github.com/phra/PEzor | Open-source PE Packer | Avanzado |
| **GadgetToJScript** | Generator | https://github.com/med0x2e/GadgetToJScript | Generaci贸n de gadgets .NET | Avanzado |
| **Mystikal** | Payloader | https://github.com/D00MFist/Mystikal | macOS payload generator | Avanzado |
| **charlotte** | Shellcode | https://github.com/9emin1/charlotte | Shellcode launcher undetected | Avanzado |
| **InvisibilityCloak** | Obfuscator | https://github.com/xforcered/InvisibilityCloak | Obfuscation toolkit C# | Avanzado |
| **Dendrobate** | Framework | https://github.com/FuzzySecurity/Dendrobate | Hook unmanaged code via .NET | Avanzado |
| **Offensive VBA** | Templates | https://github.com/BC-SECURITY/Offensive-VBA-and-XLS-Entanglement | VBA/XLS ofensivo | Intermedio |
| **xlsGen** | Generator | https://github.com/aaaddress1/xlsGen | Generador Excel con macros | Intermedio |
| **darkarmour** | Evasi贸n | https://github.com/bats3c/darkarmour | Windows AV evasion | Avanzado |
| **InlineWhispers** | BOF | https://github.com/outflanknl/InlineWhispers | Direct Syscalls en BOFs | Avanzado |
| **EvilClippy** | Office | https://github.com/outflanknl/EvilClippy | Creaci贸n documentos maliciosos | Intermedio |
| **OfficePurge** | Office | https://github.com/fireeye/OfficePurge | Purgado de VBA | Avanzado |
| **ThreatCheck** | Analizador | https://github.com/rasta-mouse/ThreatCheck | Identifica bytes detectados | Intermedio |
| **CrossC2** | Generator | https://github.com/gloxec/CrossC2 | Payloads cross-platform Cobalt | Avanzado |
| **Ruler** | Exchange | https://github.com/sensepost/ruler | Interacci贸n con Exchange | Avanzado |
| **DueDLLigence** | Runner | https://github.com/fireeye/DueDLLigence | Shellcode runner framework | Avanzado |
| **RuralBishop** | Loader | https://github.com/rasta-mouse/RuralBishop | D/Invoke version UrbanBishop | Avanzado |
| **TikiTorch** | Process | https://github.com/rasta-mouse/TikiTorch | Process hollowing | Intermedio |
| **SharpShooter** | Payloader | https://github.com/mdsecactivebreach/SharpShooter | Payload creation framework | Avanzado |
| **SharpSploit** | Library | https://github.com/cobbr/SharpSploit | .NET post-exploitation library | Avanzado |
| **MSBuildAPICaller** | Executor | https://github.com/rvrsh3ll/MSBuildAPICaller | MSBuild sin msbuild.exe | Intermedio |
| **macro_pack** | Packer | https://github.com/sevagas/macro_pack | Automatizaci贸n Office malicioso | Intermedio |
| **mortar** | Evasi贸n | https://github.com/0xsp-SRD/mortar | Evasi贸n AV/EDR/XDR | Avanzado |
| **ProtectMyTooling** | Packer | https://github.com/mgeeky/ProtectMyTooling | Multi-packer wrapper | Avanzado |
| **Shhhloader** | Loader | https://github.com/icyguider/Shhhloader | Shellcode loader evasivo | Intermedio |
| **DllShimmer** | Hijacker | https://github.com/Print3M/DllShimmer | Weaponize DLL hijacking | Avanzado |
| **BeEF** | Framework | https://github.com/beefproject/beef | Browser exploitation framework | Intermedio |
| **PwnAuth** | Framework | https://github.com/fireeye/PwnAuth | OAuth abuse campaigns | Avanzado |
| **o365-attack-toolkit** | Toolkit | https://github.com/mdsecactivebreach/o365-attack-toolkit | Toolkit ataque Office365 | Avanzado |
| **CredMaster** | Sprayer | https://github.com/knavesec/CredMaster | Password spraying mejorado | Intermedio |
| **o365recon** | Recon | https://github.com/nyxgeek/o365recon | Recon O365 con creds | Intermedio |
| **SprayingToolkit** | Toolkit | https://github.com/byt3bl33d3r/SprayingToolkit | Password spraying attacks | Intermedio |
| **PhishLulz** | Phishing | https://github.com/pan0pt1c0n/PhishLulz | Framework phishing avanzado | Avanzado |
---
### **FASE 5: LATERAL MOVEMENT**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Impacket** | Library | https://github.com/SecureAuthCorp/impacket | Clases Python para protocolos | Intermedio |
| **CrackMapExec** | CLI | https://github.com/byt3bl33d3r/CrackMapExec | Swiss army knife para redes | Avanzado |
| **SharpSploit** | Library | https://github.com/cobbr/SharpSploit | .NET post-exploitation | Avanzado |
| **Rubeus** | CLI | https://github.com/GhostPack/Rubeus | Toolkit Kerberos | Avanzado |
| **Mimikatz** | CLI | https://github.com/gentilkiwi/mimikatz | Credential dumping | Avanzado |
| **KrbRelayUp** | CLI | https://github.com/Dec0ne/KrbRelayUp | PrivEsc via Kerberos relay | Avanzado |
| **PowerUpSQL** | PowerShell | https://github.com/NetSPI/PowerUpSQL | Toolkit ataque SQL Server | Intermedio |
| **SQLRecon** | CLI | https://github.com/skahwah/SQLRecon | Reconnaissance SQL Server | Intermedio |
| **SCShell** | CLI | https://github.com/Mr-Un1k0d3r/SCShell | Fileless lateral movement | Avanzado |
| **SharpRDP** | CLI | https://github.com/0xthirteen/SharpRDP | RDP command execution | Intermedio |
| **MoveKit** | Toolkit | https://github.com/0xthirteen/MoveKit | Lateral movement para CS | Avanzado |
| **SharpNoPSExec** | CLI | https://github.com/juliourena/SharpNoPSExec | Fileless command execution | Avanzado |
| **Responder** | CLI | https://github.com/lgandx/Responder | LLMNR/NBT-NS poisoner | Intermedio |
| **Farmer** | Collector | https://github.com/mdsecactivebreach/Farmer | Colecci贸n hashes NetNTLM | Avanzado |
| **CIMplant** | CLI | https://github.com/FortyNorthSecurity/CIMplant | CIM/WMI para ejecuci贸n remota | Intermedio |
| **PowerLessShell** | PowerShell | https://github.com/Mr-Un1k0d3r/PowerLessShell | Ejecuci贸n PowerShell sin powershell.exe | Avanzado |
| **SharpGPOAbuse** | CLI | https://github.com/FSecureLABS/SharpGPOAbuse | Abuso de GPOs | Avanzado |
| **kerbrute** | CLI | https://github.com/ropnop/kerbrute | Bruteforce Kerberos | Intermedio |
| **mssqlproxy** | Toolkit | https://github.com/blackarrowsec/mssqlproxy | Lateral movement via SQL Server | Avanzado |
| **Invoke-TheHash** | PowerShell | https://github.com/Kevin-Robertson/Invoke-TheHash | Pass the Hash utilities | Intermedio |
| **InveighZero** | CLI | https://github.com/Kevin-Robertson/InveighZero | Machine-in-the-middle .NET | Avanzado |
| **SharpSpray** | CLI | https://github.com/jnqpblc/SharpSpray | Password spraying via LDAP | Intermedio |
| **SharpAllowedToAct** | CLI | https://github.com/pkb1s/SharpAllowedToAct | RBCD computer object takeover | Avanzado |
| **SharpRDPHijack** | CLI | https://github.com/bohops/SharpRDPHijack | Hijack de sesiones RDP | Avanzado |
| **CheeseTools** | Toolkit | https://github.com/klezVirus/CheeseTools | Varias herramientas 煤tiles | Intermedio |
| **LatLoader** | PoC | https://github.com/icyguider/LatLoader | Lateral movement automatizado | Intermedio |
| **MalSCCM** | Toolkit | https://github.com/nettitude/MalSCCM | Abuso de SCCM | Avanzado |
| **Coercer** | CLI | https://github.com/p0dalirius/Coercer | Coerci贸n de autenticaci贸n Windows | Intermedio |
| **orpheus** | Toolkit | https://github.com/trustedsec/orpheus | Bypass Kerberoast detections | Avanzado |
| **goexec** | Framework | https://github.com/FalconOpsLLC/goexec | Remote execution methods | Avanzado |
| **BitlockMove** | Toolkit | https://github.com/rtecCyberSec/BitlockMove | Lateral movement via Bitlocker DCOM | Avanzado |
| **Liquid Snake** | Toolkit | https://github.com/RiccardoAncarani/LiquidSnake | Fileless lateral movement WMI | Avanzado |
| **StandIn** | Toolkit | https://github.com/FuzzySecurity/StandIn | AD post-compromise toolkit | Intermedio |
| **Recon-AD** | Toolkit | https://github.com/outflanknl/Recon-AD | AD recon tool | Intermedio |
---
### **FASE 6: PRIVILEGE ESCALATION**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **PEASS-ng** | Suite | https://github.com/carlospolop/PEASS-ng | Suite de scripts de PrivEsc | Intermedio |
| **Watson** | CLI | https://github.com/rasta-mouse/Watson | Enumeraci贸n KBs faltantes | Intermedio |
| **SweetPotato** | Exploit | https://github.com/CCob/SweetPotato | PrivEsc service to SYSTEM | Intermedio |
| **GodPotato** | Exploit | https://github.com/BeichenDream/GodPotato | SYSTEM via SeImpersonate | Intermedio |
| **PrivKit** | BOF | https://github.com/mertdas/PrivKit | Beacon Object File para PrivEsc | Avanzado |
| **SharpUp** | CLI | https://github.com/GhostPack/SharpUp | Port C# de PowerUp | Intermedio |
| **dazzleUP** | CLI | https://github.com/hlldz/dazzleUP | Detecci贸n vulnerabilidades PrivEsc | Intermedio |
| **LinPEAS** | Script | https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS | Linux privilege escalation | Intermedio |
| **WinPEAS** | Script | https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS | Windows privilege escalation | Intermedio |
| **Linux Exploit Suggester** | Script | https://github.com/mzet-/linux-exploit-suggester | Sugiere exploits Linux | B谩sico |
| **Windows-Exploit-Suggester** | Script | https://github.com/AonCyberLabs/Windows-Exploit-Suggester | Sugiere exploits Windows | B谩sico |
| **JAWS** | PowerShell | https://github.com/411Hall/JAWS | Windows PrivEsc enumeration | B谩sico |
| **PowerUp** | PowerShell | https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc | PowerShell PrivEsc checks | Intermedio |
| **pspy** | Monitor | https://github.com/DominicBreuker/pspy | Monitor procesos sin root | Intermedio |
| **pwnkit** | Exploit | https://github.com/berdav/CVE-2021-4034 | Exploit Pkexec | Intermedio |
| **Dirty Pipe** | Exploit | https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit | CVE-2022-0847 | Intermedio |
| **PrintNightmare** | Exploit | https://github.com/cube0x0/CVE-2021-1675 | CVE-2021-1675 exploit | Intermedio |
| **CVE-2021-36934** | Exploit | https://github.com/GossiTheDog/HiveNightmare | SeriousSAM vulnerability | Intermedio |
| **CVE-2020-1472** | Exploit | https://github.com/SecuraBV/CVE-2020-1472 | Zerologon exploit | Intermedio |
| **CVE-2019-0708** | Exploit | https://github.com/n1nj4sec/pupy | BlueKeep exploit | Avanzado |
| **Kernelhub** | Collection | https://github.com/Ascotbe/Kernelhub | Colecci贸n exploits kernel Windows | Avanzado |
| **linux-kernel-exploits** | Collection | https://github.com/SecWiki/linux-kernel-exploits | Colecci贸n exploits kernel Linux | Avanzado |
| **windows-kernel-exploits** | Collection | https://github.com/SecWiki/windows-kernel-exploits | Colecci贸n exploits kernel Windows | Avanzado |
| **GTFOBins** | Web | https://gtfobins.github.io | Binarios Unix para bypass | B谩sico |
| **LOLBAS** | Web | https://lolbas-project.github.io/ | Living Off The Land Binaries | Intermedio |
| **LOOBins** | Web | https://www.loobins.io/ | macOS Living Off The Land | Intermedio |
| **Hijack Libs** | Web | https://hijacklibs.net | DLL Hijacking candidates | Intermedio |
| **Living Off The Land Drivers** | Web | https://www.loldrivers.io/ | Drivers usados por adversarios | Avanzado |
| **WTFBins** | Web | https://wtfbins.wtf/ | Binarios benignos sospechosos | Intermedio |
| **Filesec** | Web | https://filesec.io/ | Extensiones usadas por atacantes | B谩sico |
---
### **FASE 7: MAINTAINING ACCESS/PERSISTENCE**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **SharPersist** | CLI | https://github.com/fireeye/SharPersist | Windows persistence toolkit | Avanzado |
| **SharpStay** | CLI | https://github.com/0xthirteen/SharpStay | Instalaci贸n de persistence .NET | Avanzado |
| **Havoc** | Framework | https://github.com/HavocFramework/Havoc | Post-exploitation C2 framework | Avanzado |
| **Cobalt Strike** | Framework | https://cobaltstrike.com/ | Adversary simulation software | Profesional |
| **Sliver** | Framework | https://github.com/BishopFox/sliver | Cross-platform implant framework | Avanzado |
| **Mythic** | Framework | https://github.com/its-a-feature/Mythic | Cross-platform C2 framework | Avanzado |
| **Merlin** | Framework | https://github.com/Ne0nd0g/merlin | Command & Control server/agent | Intermedio |
| **Empire** | Framework | https://github.com/BC-SECURITY/Empire | Post-exploitation framework | Intermedio |
| **PoshC2** | Framework | https://github.com/nettitude/PoshC2 | Proxy aware C2 framework | Avanzado |
| **Koadic** | Framework | https://github.com/zerosum0x0/koadic | JScript RAT | Intermedio |
| **Covenant** | Framework | https://github.com/cobbr/Covenant | .NET C2 framework | Intermedio |
| **shad0w** | Framework | https://github.com/bats3c/shad0w | Post-exploitation framework | Avanzado |
| **SILENTTRINITY** | Framework | https://github.com/byt3bl33d3r/SILENTTRINITY | Async post-exploitation agent | Avanzado |
| **Pupy** | Framework | https://github.com/n1nj4sec/pupy | Remote administration tool | Intermedio |
| **NimPlant** | Implant | https://github.com/chvancooten/NimPlant | First-stage C2 implant | Intermedio |
| **SharpC2** | Framework | https://github.com/rasta-mouse/SharpC2 | Command & Control framework C# | Avanzado |
| **Loki** | Framework | https://github.com/boku7/Loki | C2 para Electron apps vulnerables | Avanzado |
| **AdaptixC2** | Framework | https://github.com/Adaptix-Framework/AdaptixC2 | Extensible post-exploitation | Avanzado |
| **Nimhawk** | Framework | https://github.com/hdbreaker/Nimhawk | Modular C2 framework Nim | Avanzado |
| **Brute Ratel C4** | Framework | https://bruteratel.com/ | Advanced Red Team software | Profesional |
| **SpecterInsight** | Framework | https://practicalsecurityanalytics.com/specterinsight/ | Cross-platform C2 framework | Avanzado |
| **SharpHide** | Registry | https://github.com/outflanknl/SharpHide | Hidden registry keys | Avanzado |
| **DoUCMe** | Computer | https://github.com/Ben0xA/DoUCMe | Creaci贸n computer accounts | Intermedio |
| **A Black Path Toward The Sun** | Tunneling | https://github.com/nccgroup/ABPTTS | TCP tunneling over HTTP | Avanzado |
| **pivotnacci** | Tunneling | https://github.com/blackarrowsec/pivotnacci | SOCKS over HTTP agents | Avanzado |
| **reGeorg** | Tunneling | https://github.com/sensepost/reGeorg | SOCKS via webserver | Intermedio |
| **DAMP** | ACL | https://github.com/HarmJ0y/DAMP | Persistence via ACL modification | Avanzado |
| **IIS-Raid** | Backdoor | https://github.com/0x09AL/IIS-Raid | Backdoor module para IIS | Avanzado |
| **SharPyShell** | Webshell | https://github.com/antonioCoco/SharPyShell | ASP.NET webshell | Intermedio |
| **ScheduleRunner** | Tasks | https://github.com/netero1010/ScheduleRunner | Scheduled tasks personalizado | Intermedio |
| **SharpEventPersist** | Event Log | https://github.com/improsec/SharpEventPersist | Persistence via Event Log | Avanzado |
| **Kraken** | Webshell | https://github.com/kraken-ng/Kraken | Multi-language webshell | Intermedio |
| **HiddenDesktop** | HVNC | https://github.com/WKL-Sec/HiddenDesktop | HVNC para Cobalt Strike | Avanzado |
| **pwndrop** | Hosting | https://github.com/kgretzky/pwndrop | Self-deployable file hosting | Intermedio |
| **C2concealer** | Generator | https://github.com/FortyNorthSecurity/C2concealer | Generador perfiles malleable C2 | Avanzado |
| **FindFrontableDomains** | Domains | https://github.com/rvrsh3ll/FindFrontableDomains | B煤squeda dominios frontable | Intermedio |
| **Domain Hunter** | Domains | https://github.com/threatexpress/domainhunter | Chequeo dominios expirados | Intermedio |
| **RedWarden** | Redirector | https://github.com/mgeeky/RedWarden | Malleable Redirector Cobalt | Avanzado |
| **AzureC2Relay** | Relay | https://github.com/Flangvik/AzureC2Relay | Azure Function para relay C2 | Avanzado |
| **C3** | C2 | https://github.com/FSecureLABS/C3 | Custom Command and Control | Avanzado |
| **Chameleon** | Proxy | https://github.com/mdsecactivebreach/Chameleon | Evasi贸n categorizaci贸n proxy | Avanzado |
| **redirect.rules** | Generator | https://github.com/0xZDH/redirect.rules | Generador dynamic redirect.rules | Intermedio |
| **CobaltBus** | Integration | https://github.com/Flangvik/CobaltBus | C2 via Azure Servicebus | Avanzado |
| **SourcePoint** | Generator | https://github.com/Tylous/SourcePoint | Generador perfiles C2 evasivos | Avanzado |
| **RedGuard** | Control | https://github.com/wikiZ/RedGuard | C2 front flow control tool | Avanzado |
| **skyhook** | Transfer | https://github.com/blackhillsinfosec/skyhook | Obfuscated HTTP file transfer | Avanzado |
| **GraphStrike** | C2 | https://github.com/RedSiege/GraphStrike | Cobalt Strike sobre Microsoft Graph | Avanzado |
---
### **FASE 8: DEFENSE EVASION**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **RefleXXion** | Toolkit | https://github.com/hlldz/RefleXXion | Bypass user-mode hooks | Avanzado |
| **EDRSandBlast** | Toolkit | https://github.com/wavestone-cdt/EDRSandblast | Bypass EDR via vulnerable driver | Avanzado |
| **Mangle** | Tool | https://github.com/optiv/Mangle | Manipulaci贸n de ejecutables | Avanzado |
| **AceLdr** | Loader | https://github.com/kyleavery/AceLdr | UDRL para evasi贸n memory scanner | Avanzado |
| **AtomLdr** | Loader | https://github.com/NUL0x4C/AtomLdr | DLL loader con evasi贸n | Avanzado |
| **Phant0m** | Killer | https://github.com/hlldz/Phant0m | Windows Event Log Killer | Avanzado |
| **UnDefender** | Killer | https://github.com/APTortellini/unDefender | Killing antimalware via symlinks | Avanzado |
| **Backstab** | Killer | https://github.com/Yaxser/Backstab | Kill antimalware processes | Intermedio |
| **SPAWN - Cobalt Strike BOF** | BOF | https://github.com/boku7/spawn | Spawn process con ACG, BlockDll | Avanzado |
| **BOF.NET** | Runtime | https://github.com/CCob/BOF.NET | .NET Runtime para BOFs | Avanzado |
| **NetLoader** | Loader | https://github.com/Flangvik/NetLoader | Load C# binaries patching AMSI | Intermedio |
| **FindObjects-BOF** | BOF | https://github.com/outflanknl/FindObjects-BOF | Enumeraci贸n procesos/objetos | Avanzado |
| **SharpUnhooker** | Unhooker | https://github.com/GetRektBoy724/SharpUnhooker | Universal API Unhooker C# | Intermedio |
| **EvtMute** | Filter | https://github.com/bats3c/EvtMute | Filter eventos Windows | Avanzado |
| **InlineExecute-Assembly** | BOF | https://github.com/xforcered/InlineExecute-Assembly | In process .NET assembly execution | Avanzado |
| **SharpBlock** | Bypass | https://github.com/CCob/SharpBlock | Bypass EDR active projection DLLs | Avanzado |
| **NtdllUnpatcher** | Example | https://github.com/Kharos102/NtdllUnpatcher | EDR bypassing example code | Avanzado |
| **DarkLoadLibrary** | Loader | https://github.com/bats3c/DarkLoadLibrary | LoadLibrary para operaciones | Avanzado |
| **BlockETW** | .NET | https://github.com/Soledge/BlockEtw | Block ETW telemetry .NET | Intermedio |
| **firewalker** | Library | https://github.com/mdsecactivebreach/firewalker | Library para bypass hooks | Avanzado |
| **KillDefenderBOF** | BOF | https://github.com/Cerbersec/KillDefenderBOF | PoC KillDefender BOF | Avanzado |
| **Inline-Execute-PE** | BOF | https://github.com/Octoberfest7/Inline-Execute-PE | Execute unmanaged PE en Beacon | Avanzado |
| **SigFlip** | Tool | https://github.com/med0x2e/SigFlip | Patching PE sin invalidar signature | Avanzado |
| **Blackout** | Killer | https://github.com/ZeroMemoryEx/Blackout | Kill anti-malware processes | Avanzado |
| **ShellGhost** | Technique | https://github.com/lem0nSec/ShellGhost | Memory-based evasion technique | Avanzado |
| **PoolPartyBof** | BOF | https://github.com/0xEr3bus/PoolPartyBof | Process Injection via Thread Pools | Avanzado |
| **EDRSilencer** | Tool | https://github.com/netero1010/EDRSilencer | Block EDR agents via WFP | Avanzado |
| **EDR-Freeze** | Tool | https://github.com/TwoSevenOneT/EDR-Freeze | Pone EDR en coma state | Avanzado |
| **SharpUnhooker2** | Unhooker | https://github.com/GetRektBoy724/SharpUnhooker2 | Nueva versi贸n del unhooker | Avanzado |
| **HellsGate** | Technique | https://github.com/am0nsec/HellsGate | Direct syscall technique | Avanzado |
| **HalosGate** | Technique | https://github.com/plackyhacker/HalosGate | Direct syscall technique | Avanzado |
| **SysWhispers** | Generator | https://github.com/jthuraisamy/SysWhispers | Direct syscall stubs generator | Avanzado |
| **SysWhispers2** | Generator | https://github.com/jthuraisamy/SysWhispers2 | Versi贸n mejorada | Avanzado |
| **SysWhispers3** | Generator | https://github.com/klezVirus/SysWhispers3 | Versi贸n actualizada | Avanzado |
| **FreshyCalls** | Generator | https://github.com/crummie5/FreshyCalls | Syscall handling | Avanzado |
| **BananaPhone** | Technique | https://github.com/C-Sto/BananaPhone | Syscall handling technique | Avanzado |
| **EarlyBird** | Technique | https://github.com/cryptware-Apps/EarlyBird | APC injection technique | Avanzado |
| **ProcessHerpaderping** | Technique | https://github.com/jthuraisamy/ProcessHerpaderping | Process hollowing evasion | Avanzado |
| **Gargoyle** | Technique | https://github.com/JLospinoso/gargoyle | Memory-only malware | Avanzado |
---
### **FASE 9: CREDENTIAL ACCESS**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Mimikatz** | Toolkit | https://github.com/gentilkiwi/mimikatz | Credential dumping avanzado | Avanzado |
| **nanodump** | BOF | https://github.com/helpsystems/nanodump | Minidump LSASS via BOF | Avanzado |
| **LaZagne** | Tool | https://github.com/AlessandroZ/LaZagne | Password recovery local | Intermedio |
| **SharpDPAPI** | Toolkit | https://github.com/GhostPack/SharpDPAPI | DPAPI functionality C# | Avanzado |
| **KeeThief** | Tool | https://github.com/GhostPack/KeeThief | KeePass extraction from memory | Avanzado |
| **pypykatz** | Python | https://github.com/skelsec/pypykatz | Mimikatz en Python | Intermedio |
| **RemoteMonologue** | Technique | https://github.com/3lp4tr0n/RemoteMonologue | Credential harvesting remoto | Avanzado |
| **Dumpert** | Dumper | https://github.com/outflanknl/Dumpert | LSASS dumper con syscalls | Avanzado |
| **CredBandit** | BOF | https://github.com/xforcered/CredBandit | In memory dump de procesos | Avanzado |
| **CloneVault** | Tool | https://github.com/mdsecactivebreach/CloneVault | Export/import Credential Manager | Intermedio |
| **SharpLAPS** | Tool | https://github.com/swisskyrepo/SharpLAPS | Retrieve LAPS password LDAP | Intermedio |
| **SafetyKatz** | Tool | https://github.com/GhostPack/SafetyKatz | Mimikatz + .NET PE Loader | Avanzado |
| **forkatz** | Technique | https://github.com/Barbarisch/forkatz | Dump usando SeTrustedCredmanAccessPrivilege | Avanzado |
| **PPLKiller** | Tool | https://github.com/RedCursorSecurityConsulting/PPLKiller | Bypass LSA Protection | Avanzado |
| **AndrewSpecial** | Technique | https://github.com/hoangprod/AndrewSpecial | Dumping lsass stealthily | Avanzado |
| **Net-GPPPassword** | .NET | https://github.com/outflanknl/Net-GPPPassword | .NET Get-GPPPassword | Intermedio |
| **SharpChromium** | .NET | https://github.com/djhohnstein/SharpChromium | Retrieve Chromium data | Intermedio |
| **Chlonium** | Tool | https://github.com/rxwx/chlonium | Cloning Chromium Cookies | Intermedio |
| **SharpCloud** | Tool | https://github.com/chrismaddalena/SharpCloud | Check credential files cloud | Intermedio |
| **Koh** | Toolkit | https://github.com/GhostPack/Koh | Capture credential material | Avanzado |
| **PPLBlade** | Dumper | https://github.com/tastypepperoni/PPLBlade | Protected Process Dumper | Avanzado |
| **TrickDump** | Technique | https://github.com/ricardojoserf/TrickDump | Dump lsass usando NTAPIs | Avanzado |
| **Windows Credential Editor** | Tool | https://www.ampliasecurity.com/research/windows-credential-editor/ | Advanced credential editor | Avanzado |
| **Creddump7** | Suite | https://github.com/Neohapsis/creddump7 | Password extraction from Windows | Intermedio |
| **Hashcat** | Cracker | https://hashcat.net/hashcat/ | Password recovery avanzado | Intermedio |
| **John the Ripper** | Cracker | https://www.openwall.com/john/ | Password cracking | Intermedio |
| **Hydra** | Cracker | https://github.com/vanhauser-thc/thc-hydra | Network login cracker | Intermedio |
| **Medusa** | Cracker | https://github.com/jmk-foofus/medusa | Parallel login cracker | Intermedio |
| **Patator** | Cracker | https://github.com/lanjelot/patator | Multi-service brute forcer | Intermedio |
| **Ncrack** | Cracker | https://nmap.org/ncrack/ | Network authentication tool | Intermedio |
---
### **FASE 10: DISCOVERY & SITUATIONAL AWARENESS**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **BloodHound** | GUI/CLI | https://github.com/BloodHoundAD/BloodHound | AD reconnaissance y attack paths | Avanzado |
| **SharpView** | CLI | https://github.com/tevora-threat/SharpView | C# implementation de PowerView | Avanzado |
| **Seatbelt** | CLI | https://github.com/GhostPack/Seatbelt | Host-survey safety checks | Intermedio |
| **SharpShares** | CLI | https://github.com/mitchmoser/SharpShares | Enumerate network shares | Intermedio |
| **ADRecon** | Toolkit | https://github.com/adrecon/ADRecon | AD environment reporting | Intermedio |
| **SharpEDRChecker** | CLI | https://github.com/PwnDexter/SharpEDRChecker | Check defensive products | Intermedio |
| **Grouper2** | PowerShell | https://github.com/l0ss/Grouper2 | Find vulnerable AD Group Policy | Intermedio |
| **AggressiveProxy** | Tool | https://github.com/EncodeGroup/AggressiveProxy | Enumerate proxy configurations | Intermedio |
| **Gopher** | Tool | https://github.com/EncodeGroup/Gopher | Discover low hanging fruits | Intermedio |
| **Situational Awareness BOF** | BOF | https://github.com/trustedsec/CS-Situational-Awareness-BOF | Situational awareness commands BOF | Avanzado |
| **SauronEye** | Tool | https://github.com/vivami/SauronEye | Search tool for keywords | Intermedio |
| **SharpAppLocker** | CLI | https://github.com/Flangvik/SharpAppLocker/ | C# port Get-AppLockerPolicy | Intermedio |
| **SharpPrinter** | CLI | https://github.com/rvrsh3ll/SharpPrinter | Console version ListNetworks | Intermedio |
| **PSPKIAudit** | PowerShell | https://github.com/GhostPack/PSPKIAudit | Auditing AD Certificate Services | Avanzado |
| **ImproHound** | Tool | https://github.com/improsec/ImproHound | Identify attack paths BloodHound | Avanzado |
| **ADCSPwn** | Tool | https://github.com/bats3c/ADCSPwn | PrivEsc via AD CS | Avanzado |
| **PowerView** | PowerShell | https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon | PowerShell AD reconnaissance | Intermedio |
| **ADExplorer** | GUI | https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer | Active Directory Explorer | Intermedio |
| **LDAPDomainDump** | Python | https://github.com/dirkjanm/ldapdomaindump | Dump AD via LDAP | Intermedio |
| **Adidnsdump** | Python | https://github.com/dirkjanm/adidnsdump | Dump DNS records via ADIDNS | Avanzado |
| **RidRelay** | Tool | https://github.com/skorov/ridrelay | Relay attacks with RID cycling | Avanzado |
| **DeathStar** | Python | https://github.com/byt3bl33d3r/DeathStar | Automate AD takeover | Avanzado |
| **PingCastle** | Tool | https://www.pingcastle.com/ | AD security assessment | Intermedio |
| **CrackMapExec** | CLI | https://github.com/byt3bl33d3r/CrackMapExec | Swiss army knife AD | Avanzado |
| **Enum4linux** | Perl | https://github.com/portcullislabs/enum4linux | SMB enumeration tool | B谩sico |
| **SMBMap** | Python | https://github.com/ShawnDEvans/smbmap | SMB share enumeration | Intermedio |
| **Nullinux** | Python | https://github.com/m8r0wn/nullinux | SMB enumeration | Intermedio |
| **Get-GPPPassword** | PowerShell | https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1 | GPP password extraction | Intermedio |
| **Inveigh** | PowerShell | https://github.com/Kevin-Robertson/Inveigh | PowerShell LLMNR/NBT-NS spoofer | Intermedio |
---
### **FASE 11: COLLECTION & EXFILTRATION**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **SharpExfiltrate** | Framework | https://github.com/Flangvik/SharpExfiltrate | Framework exfiltraci贸n C# | Avanzado |
| **DNSExfiltrator** | Tool | https://github.com/Arno0x/DNSExfiltrator | Exfiltraci贸n sobre DNS | Intermedio |
| **Egress-Assess** | Tool | https://github.com/FortyNorthSecurity/Egress-Assess | Test egress data detection | Intermedio |
| **VeilTransfer** | Tool | https://github.com/infosecn1nja/VeilTransfer | Data exfiltration utility | Intermedio |
| **Chisel** | Tunnel | https://github.com/jpillora/chisel | Fast TCP/UDP tunnel HTTP | Intermedio |
| **Ligolo-ng** | Tunnel | https://github.com/nicocha30/ligolo-ng | Advanced tunneling TUN interface | Avanzado |
| **frp** | Proxy | https://github.com/fatedier/frp | Fast reverse proxy | Intermedio |
| **SockTail** | Proxy | https://github.com/Yeeb1/SockTail | Tailscale SOCKS5 proxy | Avanzado |
| **Dnscat2** | Tunnel | https://github.com/iagox86/dnscat2 | DNS tunnel | Intermedio |
| **iodine** | Tunnel | https://code.kryo.se/iodine/ | IPv4 over DNS tunnel | Intermedio |
| **ptunnel** | Tunnel | https://www.cs.uit.no/~daniels/PingTunnel/ | TCP over ICMP tunnel | Intermedio |
| **icmpsh** | Tool | https://github.com/inquisb/icmpsh | ICMP shell | Intermedio |
| **PowerCat** | PowerShell | https://github.com/besimorhino/powercat | Netcat in PowerShell | Intermedio |
| **Netcat** | Tool | https://nc110.sourceforge.io/ | Network Swiss army knife | B谩sico |
| **Socat** | Tool | http://www.dest-unreach.org/socat/ | Multipurpose relay | Intermedio |
| **Ngrok** | Tunnel | https://ngrok.com/ | Secure introspectable tunnels | Intermedio |
| **Serveo** | Tunnel | http://serveo.net/ | SSH port forwarding | Intermedio |
| **LocalTunnel** | Tunnel | https://localtunnel.github.io/www/ | Expose local server | Intermedio |
| **PageKite** | Tunnel | https://pagekite.net/ | Front-end proxy | Intermedio |
| **sshuttle** | VPN | https://github.com/sshuttle/sshuttle | Transparent proxy VPN | Intermedio |
| **Stowaway** | Tool | https://github.com/ph4ntonn/Stowaway | Multi-hop proxy tool | Avanzado |
| **Venom** | Tool | https://github.com/Dliv3/Venom | Multi-hop proxy tool | Avanzado |
| **Tunna** | Tool | https://github.com/SECFORCE/Tunna | HTTP tunneling | Intermedio |
| **reGeorg** | Tool | https://github.com/sensepost/reGeorg | SOCKS via webserver | Intermedio |
| **ABPTTS** | Tool | https://github.com/nccgroup/ABPTTS | TCP over HTTP | Avanzado |
---
### **FASE 12: COMMAND & CONTROL**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Cobalt Strike** | Framework | https://cobaltstrike.com/ | Adversary simulation software | Profesional |
| **Brute Ratel C4** | Framework | https://bruteratel.com/ | Advanced Red Team software | Profesional |
| **Sliver** | Framework | https://github.com/BishopFox/sliver | Cross-platform implant framework | Avanzado |
| **Havoc** | Framework | https://github.com/HavocFramework/Havoc | Modern post-exploitation C2 | Avanzado |
| **Empire** | Framework | https://github.com/BC-SECURITY/Empire | Post-exploitation framework | Intermedio |
| **PoshC2** | Framework | https://github.com/nettitude/PoshC2 | Proxy aware C2 framework | Avanzado |
| **Covenant** | Framework | https://github.com/cobbr/Covenant | .NET command and control | Intermedio |
| **Metasploit** | Framework | https://www.metasploit.com/ | Penetration testing framework | Intermedio |
| **Koadic** | Framework | https://github.com/zerosum0x0/koadic | JScript RAT | Intermedio |
| **Merlin** | Framework | https://github.com/Ne0nd0g/merlin | Command & Control server/agent | Intermedio |
| **Mythic** | Framework | https://github.com/its-a-feature/Mythic | Cross-platform C2 framework | Avanzado |
| **shad0w** | Framework | https://github.com/bats3c/shad0w | Post-exploitation framework | Avanzado |
| **SILENTTRINITY** | Framework | https://github.com/byt3bl33d3r/SILENTTRINITY | Async post-exploitation agent | Avanzado |
| **Pupy** | Framework | https://github.com/n1nj4sec/pupy | Remote administration tool | Intermedio |
| **NimPlant** | Implant | https://github.com/chvancooten/NimPlant | First-stage C2 implant | Intermedio |
| **SharpC2** | Framework | https://github.com/rasta-mouse/SharpC2 | Command & Control framework C# | Avanzado |
| **Loki** | Framework | https://github.com/boku7/Loki | C2 para Electron apps | Avanzado |
| **AdaptixC2** | Framework | https://github.com/Adaptix-Framework/AdaptixC2 | Extensible post-exploitation | Avanzado |
| **Nimhawk** | Framework | https://github.com/hdbreaker/Nimhawk | Modular C2 framework Nim | Avanzado |
| **SpecterInsight** | Framework | https://practicalsecurityanalytics.com/specterinsight/ | Cross-platform C2 framework | Avanzado |
| **RedELK** | SIEM | https://github.com/outflanknl/RedELK | Red Team's SIEM | Avanzado |
| **Elastic for Red Teaming** | SIEM | https://github.com/SecurityRiskAdvisors/RedTeamSIEM | Red Team SIEM Elastic | Avanzado |
| **RedEye** | Analytic | https://github.com/cisagov/RedEye | Visual analytic tool | Intermedio |
| **C2concealer** | Generator | https://github.com/FortyNorthSecurity/C2concealer | Generador perfiles malleable C2 | Avanzado |
| **Malleable C2 Profiles** | Profiles | https://github.com/threatexpress/malleable-c2/ | Gu铆a perfiles malleable | Avanzado |
| **Cobalt Strike Community Kit** | Kit | https://cobalt-strike.github.io/community_kit/ | Extensiones comunidad CS | Avanzado |
| **Red Team Infrastructure Wiki** | Wiki | https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki | Hardening infraestructura | Avanzado |
| **Domain Fronting Guides** | Guides | Multiple sources | T茅cnicas domain fronting | Avanzado |
| **CDN Proxy Configs** | Configs | Cloudflare, Azure, AWS | Configuraci贸n CDN para C2 | Avanzado |
---
### **FASE 13: IMPACT (Simulaci贸n autorizada)**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **LockBit/Conti Leaks** | Source Code | Varias fuentes | C贸digo fuente ransomware real | Investigaci贸n |
| **Custom Ransomware** | Templates | Desarrollo propio | Simuladores ransomware custom | Avanzado |
| **Wiper Tools** | Templates | Varias fuentes | Herramientas de destrucci贸n datos | Investigaci贸n |
| **Defacement Kits** | Templates | Varias fuentes | Kits para defacement web | Intermedio |
| **PSEXEC Ransomware Sim** | Script | Custom | Simulaci贸n ransomware via PSEXEC | Avanzado |
| **DiskCryptor** | Tool | https://diskcryptor.net/ | Disk encryption software | Intermedio |
| **VeraCrypt** | Tool | https://www.veracrypt.fr/ | Disk encryption software | Intermedio |
| **DBAN** | Tool | https://dban.org/ | Disk wiping tool | Intermedio |
| **SDelete** | Tool | https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete | Secure delete | Intermedio |
| **Cipher.exe** | Built-in | Windows | Overwrite deleted data | B谩sico |
| **Shred** | Linux | Built-in | Secure file deletion | B谩sico |
| **DD** | Linux | Built-in | Disk wiping | B谩sico |
---
### **FASE 14: CLEANUP**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **EventLog Cleaners** | Scripts | Custom | Limpieza logs Windows | Intermedio |
| **Timestomp** | Technique | Metasploit | Manipulaci贸n timestamps archivos | Intermedio |
| **CCleaner** | Tool | https://www.ccleaner.com/ | System optimization y cleaning | B谩sico |
| **Custom Scripts** | Scripts | Desarrollo propio | Limpieza espec铆fica | Avanzado |
| **SDelete** | Tool | https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete | Secure delete | Intermedio |
| **BleachBit** | Tool | https://www.bleachbit.org/ | System cleaner | B谩sico |
| **Eraser** | Tool | https://eraser.heidi.ie/ | Secure data removal | Intermedio |
| **Shred** | Linux | Built-in | Secure file deletion | B谩sico |
| **Wipe** | Linux | Package | Secure file deletion | B谩sico |
| **Secure Empty Trash** | macOS | Built-in | Vaciar papelera seguro | B谩sico |
| **Clearlogs** | Script | https://github.com/mattifestation/PowerSploit | PowerShell log clearing | Intermedio |
| **Invoke-Phant0m** | Script | https://github.com/hlldz/Phant0m | Windows Event Log Killer | Avanzado |
| **Meterpreter** | Module | Metasploit | Timestomp functionality | Intermedio |
| **Anti-Forensics Toolkit** | Toolkit | Varias fuentes | Conjunto t茅cnicas anti-forenses | Avanzado |
---
### **FASE 15: REPORTING & REMEDIATION**
| Herramienta | Tipo | Link | Uso Espec铆fico | Nivel |
|------------|------|------|----------------|-------|
| **Dradis** | Plataforma | https://dradisframework.com/ | Gesti贸n proyectos seguridad | Intermedio |
| **Serpico** | Tool | https://github.com/SerpicoProject/Serpico | Generaci贸n reportes pentest | Intermedio |
| **VECTR** | Plataforma | https://github.com/SecurityRiskAdvisors/VECTR | Tracking TTPs purple teaming | Intermedio |
| **Ghostwriter** | Plataforma | https://github.com/GhostManager/Ghostwriter | Gesti贸n operaciones red team | Avanzado |
| **LaTeX Templates** | Templates | Varias fuentes | Plantillas reportes profesionales | Avanzado |
| **Pentest-Templates** | Templates | https://github.com/noraj/pentest-report-templates | Plantillas reportes pentest | Intermedio |
| **Red Team Report Templates** | Templates | Varias fuentes | Plantillas espec铆ficas red team | Avanzado |
| **Microsoft Word Templates** | Templates | Corporativas | Plantillas corporativas | B谩sico |
| **Faraday** | Plataforma | https://www.faradaysec.com/ | Gesti贸n vulnerabilidades | Intermedio |
| **PlexTrac** | Plataforma | https://www.plextrac.com/ | Reporting platform | Profesional |
| **AttackForge** | Plataforma | https://www.attackforge.com/ | Enterprise pentest platform | Profesional |
| **Pentera** | Plataforma | https://www.pentera.com/ | Automated security validation | Profesional |
| **SafeBreach** | Plataforma | https://www.safebreach.com/ | Breach and attack simulation | Profesional |
| **Picus** | Plataforma | https://www.picussecurity.com/ | Security validation platform | Profesional |
---
### **HERRAMIENTAS ESPECIALIZADAS POR DOMINIO**
#### **CLOUD SECURITY**
| Herramienta | Cloud | Link | Uso | Nivel |
|------------|-------|------|-----|-------|
| **Pacu** | AWS | https://github.com/RhinoSecurityLabs/pacu | AWS exploitation framework | Avanzado |
| **CloudMapper** | AWS | https://github.com/duo-labs/cloudmapper | An谩lisis entornos AWS | Intermedio |
| **enumerate-iam** | AWS | https://github.com/andresriancho/enumerate-iam | Enumerar permisos IAM | Intermedio |
| **adconnectdump** | Azure | https://github.com/fox-it/adconnectdump | Extracci贸n credenciales Azure AD Connect | Avanzado |
| **Stormspotter** | Azure | https://github.com/Azure/Stormspotter | Graphing Azure AD objects | Avanzado |
| **ROADtools** | Azure | https://github.com/dirkjanm/ROADtools | Azure AD exploration framework | Avanzado |
| **MicroBurst** | Azure | https://github.com/NetSPI/MicroBurst | Toolkit ataque Azure | Intermedio |
| **AADInternals** | Azure | https://github.com/Gerenios/AADInternals | PowerShell module Azure AD | Intermedio |
| **TeamFiltration** | O365 | https://github.com/Flangvik/TeamFiltration | Toolkit O365 AAD accounts | Avanzado |
| **MAAD Attack Framework** | M365 | https://github.com/vectra-ai-research/MAAD-AF | Security testing M365/Azure AD | Avanzado |
| **GraphRunner** | Graph API | https://github.com/dafthack/GraphRunner/ | Post-exploitation Microsoft Graph | Avanzado |
| **ADOKit** | Azure DevOps | https://github.com/xforcered/ADOKit | Attack Azure DevOps | Avanzado |
| **TokenTactics** | Azure | https://github.com/rvrsh3ll/TokenTactics | Azure JWT manipulation | Avanzado |
| **Maestro** | Intune | https://github.com/Mayyhem/Maestro | Post-exploitation Intune/EntraID | Avanzado |
| **Stratus Red Team** | Multi-cloud | https://github.com/DataDog/stratus-red-team | Atomic Red Team para cloud | Intermedio |
| **ScoutSuite** | Multi-cloud | https://github.com/nccgroup/ScoutSuite | Multi-cloud security auditing | Intermedio |
| **CloudGoat** | AWS | https://github.com/RhinoSecurityLabs/cloudgoat | Vulnerable AWS environment | Intermedio |
| **Flaws.cloud** | AWS | http://flaws.cloud/ | Training AWS security | B谩sico |
| **flaws2.cloud** | AWS | http://flaws2.cloud/ | Advanced AWS training | Intermedio |
#### **CONTAINERS & KUBERNETES**
| Herramienta | Tipo | Link | Uso | Nivel |
|------------|------|------|-----|-------|
| **kube-hunter** | Scanner | https://github.com/aquasecurity/kube-hunter | Kubernetes security scanner | Intermedio |
| **kubeaudit** | Auditor | https://github.com/Shopify/kubeaudit | Kubernetes security auditor | Intermedio |
| **kubesec** | Scanner | https://github.com/controlplaneio/kubesec | Kubernetes security risk analysis | Intermedio |
| **DeepCe** | Enum | https://github.com/stealthcopter/deepce | Docker enumeration | Intermedio |
| **Docker Bench Security** | Scanner | https://github.com/docker/docker-bench-security | Docker security best practices | Intermedio |
| **Trivy** | Scanner | https://github.com/aquasecurity/trivy | Vulnerability scanner containers | Intermedio |
| **Grype** | Scanner | https://github.com/anchore/grype | Vulnerability scanner containers | Intermedio |
| **Syft** | Catalog | https://github.com/anchore/syft | Software bill of materials | Intermedio |
| **CDK** | Toolkit | https://github.com/cdk-team/CDK | Container penetration toolkit | Avanzado |
| **Peirates** | Toolkit | https://github.com/inguardians/peirates | Kubernetes penetration tool | Avanzado |
| **kubectl** | CLI | Kubernetes | Kubernetes command line | Intermedio |
| **helm** | Package | Kubernetes | Kubernetes package manager | Intermedio |
#### **MOBILE & IOT**
| Herramienta | Plataforma | Link | Uso | Nivel |
|------------|-----------|------|-----|-------|
| **MobSF** | Framework | https://github.com/MobSF/Mobile-Security-Framework-MobSF | Mobile security testing | Intermedio |
| **Frida** | Framework | https://frida.re/ | Dynamic instrumentation toolkit | Avanzado |
| **Objection** | Framework | https://github.com/sensepost/objection | Runtime mobile exploration | Intermedio |
| **Burp Suite Mobile Assistant** | App | Burp Suite | Testing mobile apps | Intermedio |
| **Android SDK** | Toolkit | Google | Android development/testing | Intermedio |
| **Xcode** | Toolkit | Apple | iOS development/testing | Intermedio |
| **Apktool** | Tool | https://ibotpeaches.github.io/Apktool/ | Reverse engineering APKs | Intermedio |
| **jadx** | Decompiler | https://github.com/skylot/jadx | Dex to Java decompiler | Intermedio |
| **Ghidra** | Reversing | https://ghidra-sre.org/ | Reverse engineering framework | Avanzado |
| **Radare2** | Reversing | https://rada.re/n/ | Reverse engineering framework | Avanzado |
| **IoTGoat** | Training | https://github.com/OWASP/IoTGoat | Vulnerable IoT environment | Intermedio |
| **Firmware Analysis Toolkit** | Toolkit | https://github.com/attify/firmware-analysis-toolkit | Firmware security analysis | Avanzado |
| **Binwalk** | Tool | https://github.com/ReFirmLabs/binwalk | Firmware analysis tool | Intermedio |
---
### **PLATAFORMAS DE ENTRENAMIENTO Y LABS**
| Plataforma | Tipo | Link | Enfoque | Nivel |
|-----------|------|------|---------|-------|
| **HackTheBox** | Labs | https://www.hackthebox.com/ | M谩quinas y challenges | Todos |
| **TryHackMe** | Labs | https://tryhackme.com/ | Paths guiados y rooms | Todos |
| **PentesterLab** | Labs | https://pentesterlab.com/ | Web exploitation focus | Intermedio |
| **RangeForce** | Training | https://www.rangeforce.com/ | Blue/Red team skills | Intermedio |
| **AttackDefense** | Labs | https://attackdefense.com/ | Labs por certificaci贸n | Intermedio |
| **VulnHub** | VMs | https://www.vulnhub.com/ | VMs vulnerables gratuitas | Todos |
| **Proving Grounds** | Labs | https://www.offensive-security.com/labs/ | Labs realistas OffSec | Intermedio |
| **PentestGPT** | AI | https://pentestgpt.com/ | AI-assisted training | Todos |
| **Cybrary** | Training | https://www.cybrary.it/ | Cursos seguridad | Todos |
| **INE** | Training | https://ine.com/ | Training eLearnSecurity | Intermedio |
| **SANS Cyber Ranges** | Labs | https://www.sans.org/cyber-ranges/ | Labs SANS | Avanzado |
| **Range by Pentester Academy** | Labs | https://www.pentesteracademy.com/ | Labs Active Directory, etc. | Avanzado |
| **ZeroPointSecurity** | Training | https://training.zeropointsecurity.co.uk/ | Red Team training | Avanzado |
| **Antisyphon Training** | Training | https://www.antisyphontraining.com/ | Live training | Avanzado |
---
### **RECURSOS DE INTELIGENCIA DE AMENAZAS**
| Recurso | Tipo | Link | Descripci贸n |
|---------|------|------|-------------|
| **APT REPORT** | Repo | https://github.com/blackorbird/APT_REPORT | Colecci贸n reportes APT |
| **Awesome Threat Intelligence** | List | https://github.com/hslatman/awesome-threat-intelligence | Recursos threat intelligence |
| **deepdarkCTI** | Repo | https://github.com/fastfire/deepdarkCTI | Fuentes CTI deep/dark web |
| **CTI Dashboard** | Dashboard | https://start.me/p/wMrA5z/cyber-threat-intelligence | Dashboard recursos CTI |
| **Hudson Rock** | Tool | https://www.hudsonrock.com/threat-intelligence-cybercrime-tools | Intelligence toolset |
| **VirusTotal** | Platform | https://www.virustotal.com/ | Analisis de malware |
| **Hybrid Analysis** | Platform | https://www.hybrid-analysis.com/ | Sandbox malware analysis |
| **Any.Run** | Platform | https://any.run/ | Interactive malware analysis |
| **MalwareBazaar** | Repo | https://bazaar.abuse.ch/ | Malware repository |
| **AlienVault OTX** | Platform | https://otx.alienvault.com/ | Open threat intelligence |
| **MISP** | Platform | https://www.misp-project.org/ | Threat intelligence sharing |
| **OpenCTI** | Platform | https://www.opencti.io/ | Open source CTI platform |
| **MITRE ATT&CK** | Framework | https://attack.mitre.org/ | Knowledge base adversary TTPs |
| **CAPEC** | Framework | https://capec.mitre.org/ | Common Attack Pattern Enumeration |
| **Unfetter** | Tool | https://github.com/unfetter-discover/unfetter | MITRE ATT&CK visualizations |
---