Tip
Offensive security tools are developed by professional ethical hackers to simulate cyber-attacks and evaluate an organization's defenses. These tools offer powerful features for post-exploitation activities, such as stealthy communications, lateral movement, and advanced command and control capabilities. Some tools focus on evasion techniques to bypass modern security defenses, allowing for realistic threat simulations and payload development.
Important
Cybercriminals can obtain offensive security tools through various means, often exploiting legitimate channels or resorting to illegal methods to acquire them. These tools also allow attackers to automate parts of their attacks, making them more efficient and widespread.
Tool Name | Threat Group Usage |
---|---|
Brute Ratel C4 | BlackSuit, Royal, BlackCat, Black Basta |
BurpSuite | *Prophet Spider |
Chashell | PYSA |
CIMplant | Scattered Spider* |
Cobalt Strike | MAZE, BlackSuit, Royal, Black Basta, Phobos, BlackCat, PLAY, Cuba, Karakurt, AvosLocker, Snatch, LockBit, CL0P, Vice Society, Trigona, Conti, Dagon Locker, Nokoyawa, Hive, Quantum, Diavol, XingLocker, REvil, Ryuk, NetWalker, RansomEXX, RagnarLocker, BlackByte, Qilin, Cactus, EvilCorp*, Yanluowang, DarkSide, RansomHub, Everest, Lockean*, OnePercent*, FiveHands, Storm-0501 |
ConPtyShell | *Prophet Spider |
Commando VM | FiveHands |
CrackMapExec | RansomHub, DarkSide |
Evilginx | BlackCat |
Godzilla Web Shell | *Prophet Spider |
Impacket | LockBit, Rhysida, BianLian, Bassterlord*, Hive, RansomHub, Scattered Spider*, Akira, Yanluowang, Vice Society, DarkSide, BlackCat, Storm-0501, Medusa Locker |
Kerbrute | RansomHub |
Koadic | PYSA, BlackCat, LockBit |
LAPS Toolkit | Scattered Spider* |
LinPEAS | Scattered Spider* |
Metasploit | MAZE, LockBit, Bassterlord*, Conti, Hive, Fog, Black Basta, RansomHub, Everest |
Meterpreter | MAZE, Cuba, Conti, Hive, Snatch, Everest |
MicroBurst | Scattered Spider* |
mitm6 | BlackCat |
OWASP ZAP | FiveHands |
Pacu | Scattered Spider* |
PowerShell Empire | Vice Society, Conti, PYSA, Hive, CL0P, BlackByte, LockBit, BlackCat, Avaddon |
PowerSploit | MAZE, Conti, PYSA, Avaddon, Black Basta, Vice Society, DarkSide, Cicada3301 |
PwnTools | *Prophet Spider |
Responder | *Prophet Spider, BlackCat |
ReverseSSH Shell | BlackCat |
Rubeus | Conti, Diavol, Ryuk, BlackSuit, Cicada3301 |
SharpSploit | OnePercent* |
Sliver | AvosLocker, RansomHub |
TinyMet | CL0P |
ThunderShell | LockBit |
WinPEAS | PLAY |