Cheat Sheet
Red Teaming Tools - Part1

Here is a collection of open source and commercial tools that will help in red team projects and operations. This post will help you during red teams to chose what framework to work with.

Cobalt Strike

Cobalt Strike is a platform for Adversary Simulations and Red Team Operations.


Empire is a post-exploitation framework that includes cross platform agents for Linux, Mac OS X and Windows operating systems. The latest version of empire is located here:


Metasploit Framework is a exploitation suite that provides prepared exploit codes for various vulnerabilities that can be used easily in penetration testing projects.


CSILENTTRINITY is a post-exploitation agent powered by Python, IronPython, C#/.NET.


Gcat is a Python based backdoor that uses Gmail as a command and control server. This platform can be used to mimic the behavior of an email client of gmail service.

Cobalt Strike

Cobalt Strike is a platform for Adversary Simulations and Red Team Operations.


Pupy is a powerfull opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool written in pure python.


Koadic or COM Command & Control, is a Windows post-exploitation malware similar to other penetration testing tools such as Meterpreter and Powershell Empire.


PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement.


Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go.


Quasar is a fast and light-weight remote administration tool coded in C#. The administration panel is fantastic and Provides high stability and an easy-to-use user interface.


Covenant is a perfect .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive. This state of the art framework server can run on Linux and Windows operating systems and has most of the functionalities you need to operate in redops.


Sliver is an open source, cross-platform adversary emulation/red team platform, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server and client support MacOS, Windows, and Linux. Implants are supported on MacOS, Windows, and Linux (and possibly every Golang compiler target but we've not tested them all).