This is just a list of repositories I tend to find useful or interesting... Not sure how well sorting will work out...
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://www.ired.team/
- https://github.com/danielmiessler/SecLists
- https://gtfobins.github.io/
- https://lolbas-project.github.io/
- https://github.com/trimstray/the-book-of-secret-knowledge
- https://github.com/xapax/security
- https://github.com/xrkk/awesome-cyber-security
- https://github.com/Spacial/csirt
- https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
- https://rmusser.net/docs/index.html
- https://dmcxblue.gitbook.io/red-team-notes-2-0/
- LinkedIn Intel - https://github.com/vysecurity/LinkedInt
- WeakestLink (LinkedIn) - https://github.com/shellfarmer/WeakestLink
- Gather Contacts (Google) - https://github.com/clr2of8/GatherContacts
- https://github.com/rvrsh3ll/eavesarp (Watches ARP for inter-IP communication)
- https://github.com/mzfr/gtfo (Locates GTFO/LOLBAS binaries on disk)
- PXE Client - https://github.com/Meatballs1/PXEClient
- RustScan - https://github.com/RustScan/RustScan
- https://github.com/BloodHoundAD/BloodHound
- https://github.com/BloodHoundAD/SharpHound3
- https://github.com/fox-it/BloodHound.py
- Bloodhound Import (direct import into Neo4j) - https://github.com/fox-it/bloodhound-import
- Cypheroth (Awesome bloodhound query repo) - https://github.com/seajaysec/cypheroth
- "Custom Queries" (another bloodhound query repo) - https://github.com/awsmhacks/awsmBloodhoundCustomQueries
- "Custom Queries" (another bloodhound query repo - more updated) - https://github.com/hausec/Bloodhound-Custom-Queries
- Cheat Sheet - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- PywerView (Python version of PowerView) - https://github.com/the-useless-one/pywerview
- ADModule (Import ActiveDirectory module without installing RSAT) - https://github.com/samratashok/ADModule
- MSLDAP - https://github.com/skelsec/msldap
- Grouper2 - https://github.com/l0ss/Grouper2
- SharpGPO - https://github.com/Dliv3/sharpgpo
- SharpGPOAbuse - https://github.com/FSecureLABS/SharpGPOAbuse
- ACLPwn (connects to Neo4j and executes changes) - https://github.com/fox-it/aclpwn.py
- https://github.com/gentilkiwi/mimikatz
- https://github.com/gentilkiwi/kekeo
- Invoke-UpdateMimikatzScript.ps1 - https://gist.github.com/ihack4falafel/8b41d810d79cb16a4b1bca5ff6600b17
- SMBMap - https://github.com/ShawnDEvans/smbmap
- Snaffler - https://github.com/SnaffCon/Snaffler
- https://github.com/ropnop/kerbrute
- Kerberos Attack Cheatsheet - https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
- https://github.com/GhostPack/SharpDump
- SharPersist (persistence automation) - https://github.com/fireeye/SharPersist
- https://github.com/rasta-mouse/MiscTools
- Watson (looks for missing patches) - https://github.com/rasta-mouse/Watson
- CertEXP (Extracts exportable certificates) - https://github.com/mubix/certexp
- Internal Monologue (steal creds w/o admin) - https://github.com/eladshamir/Internal-Monologue
- ProcessInjection - https://github.com/ZeroPointSecurity/ProcessInjection
- ConfuserEx - https://github.com/mkaring/ConfuserEx
- De4dot - https://github.com/0xd4d/de4dot
- De4dot with ConfuserEx deobfuscation - https://github.com/ViRb3/de4dot-cex
- https://github.com/Illuminopi/RCEvil.NET
- YSoSerial.net - https://github.com/pwntester/ysoserial.net
- PowerSploit DEV branch - https://github.com/PowerShellMafia/PowerSploit/tree/dev
- PowerUpSQL - https://github.com/NetSPI/PowerUpSQL
- PowerMAD - https://github.com/Kevin-Robertson/Powermad
- Inveigh - https://github.com/Kevin-Robertson/Inveigh
- Spooler bug PS1 Exploit / Original PoC - https://github.com/leechristensen/SpoolSample
- DAMP - Remote registry exploitation - https://github.com/HarmJ0y/DAMP
- LethalHTA (DCOM to load HTA remotely) - https://github.com/codewhitesec/LethalHTA
- Excel4DCOM (DCOM to load Excel 4 macro) - https://github.com/outflanknl/Excel4-DCOM
- LSASSY (Remotely dump LSASS memory) - https://github.com/Hackndo/lsassy
- IOXIDResolver (identifies host with multiple interfaces w/o auth) - https://github.com/mubix/IOXIDResolver
- Change-LockScreen - https://github.com/nccgroup/Change-Lockscreen
- RunAsTI (TrustedInstaller) - https://github.com/jschicht/RunAsTI
- CEFDebug - https://github.com/taviso/cefdebug
- Tokenvator - https://github.com/0xbadjuju/Tokenvator
- WSUSpect (doesn't work on Win10) - https://github.com/ctxis/wsuspect-proxy
- WSUSpendu - https://github.com/AlsidOfficial/WSUSpendu
- SeBackupPrivilege - https://github.com/giuliano108/SeBackupPrivilege
- Pinjectra - https://github.com/SafeBreach-Labs/pinjectra
- Whisker - https://github.com/eladshamir/Whisker
- PyWhisker (Python version of Whisker) - https://github.com/ShutdownRepo/pywhisker
- These attacks require Windows 2016 functional level to have the msDs-KeyCredentialLink object attribute.
- PKINIT Tools - https://github.com/dirkjanm/PKINITtools
- Kernel Exploits (3+ year old repo) - https://github.com/lucyoa/kernel-exploits
- NFSpy (exploiting/mounting NFS) - https://github.com/bonsaiviking/NfSpy
- Metasploit - https://github.com/rapid7/metasploit-framework
- Empire 2 - https://github.com/BC-SECURITY/Empire
- Covenant - https://github.com/cobbr/Covenant
- PoshC2 - https://github.com/nettitude/PoshC2
- Sliver - https://github.com/BishopFox/sliver
- Sliver Scripting - https://github.com/moloch--/sliver-script
- Merlin - https://github.com/Ne0nd0g/merlin
- Koadic C3 - https://github.com/zerosum0x0/koadic
- SilentTrinity - https://github.com/byt3bl33d3r/SILENTTRINITY
- DNS Ftp (Download file over DNS) - https://github.com/breenmachine/dnsftp
- API key usage / hacks - https://github.com/streaak/keyhacks
- Jenkins PWN - https://github.com/gquere/pwn_jenkins
- CORStest (CORS scanner) - https://github.com/RUB-NDS/CORStest
- GAU (Gather All Links) - https://github.com/lc/gau
- GoWitness - https://github.com/sensepost/gowitness
- ABPTTS - https://github.com/nccgroup/ABPTTS
- Hashcat - https://github.com/hashcat
- John the Ripper - https://github.com/magnumripper/JohnTheRipper
- OneRuleToRuleThemAll - https://github.com/NotSoSecure/password_cracking_rules
- Microsoft mask is really effective - https://github.com/xfox64x/Hashcat-Stuffs
- WordSmith - https://github.com/skahwah/wordsmith
- PwDB-Public - https://github.com/FlameOfIgnis/Pwdb-Public
- PurpleSpray - https://github.com/mvelazc0/PurpleSpray
- KerBrute - https://github.com/TarlogicSecurity/kerbrute
- Patator - https://github.com/lanjelot/patator
- Run shellcode (Windows or Unix via hex command line arg) - https://github.com/brimstone/go-shellcode
- Hershell - https://github.com/lesnuages/hershell
- DuffleBag (Search public EBS for secrets) - https://github.com/BishopFox/dufflebag
- UhOh365 - https://github.com/Raikia/UhOh365
- MSOLSpray - https://github.com/dafthack/MSOLSpray
- ROADtools - https://github.com/dirkjanm/ROADtools
- Master of Servers (Puppet, Chef, Ansible exploitation) - https://github.com/master-of-servers/mose
- Chrome Password Dumper - https://github.com/roflsandwich/Chrome-Password-Dumper
- Browser Exploitation list - https://github.com/Escapingbug/awesome-browser-exploit
- Chrome Cookie stealer via Remote Debugging port - https://github.com/slyd0g/WhiteChocolateMacademiaNut
- BrowserPass (Steals Firefox and IE creds, but needs a lot of DLLs) - https://github.com/jabiel/BrowserPass
- https://github.com/UndeadSec/SocialFish
- Fudge (auto-download embedded files) - https://github.com/dale-ruane/fudge
- Wifi Phisher - https://github.com/wifiphisher/wifiphisher
- EAP Hammer - https://github.com/s0lst1c3/eaphammer
- Grawler (git) - https://github.com/jregele/grawler (ShmooCon 2018)
- GitGot - https://github.com/BishopFox/GitGot
- Blacklist3r - https://github.com/NotSoSecure/Blacklist3r (ASP Machine Keys - DotNet Deserialization)
- Finding and exploiting Kubernetes - https://github.com/averonesis/kubolt
- Defeating BIOS passwords - https://github.com/skysafe/reblog/tree/master/0000-defeating-a-laptops-bios-password
- Routopsy (attack dynamic routing protocols) - https://github.com/sensepost/routopsy
- ThreatHunter's playbooks - https://github.com/hunters-forge/ThreatHunter-Playbook/
- BlueSPAWN - https://github.com/ION28/BLUESPAWN
- PeaceMaker - https://github.com/D4stiny/PeaceMaker
- OSCtrl (OSQuery open source management tool) - https://github.com/jmpsec/osctrl
- DetectionLab - https://github.com/clong/DetectionLab
- DynamicLabs - https://github.com/ctxis/DynamicLabs
- Mini-Internet using LXC - https://github.com/flesueur/mi-lxc
- Microsoft's Defend the Flag - https://github.com/microsoft/DefendTheFlag/
- Leonidas by @fsecurelabs - https://github.com/fsecurelabs/leonidas
- Squalr - https://github.com/Squalr/Squalr
- Physical Docs - https://github.com/trustedsec/physical-docs
- Modern Binary Exploitation - https://github.com/RPISEC/MBE