Curated list of resources about Rust language used for offensive security & red teaming.
List inspired by the awesome list thing.
- Coffee: A COFF loader made in Rust
- Exploring RustiveDump
- PIC shellcode: The Rust way
- Rasta Mouse Custom Beacon Artifacts
- Writing Sliver C2 Extensions in Rust
- Black Hat Rust - Applied offensive security with Rust.
Boilerplates for Rust language used for offensive security & red teaming.
... Coming soon
- ADPT - DLL proxying for lazy people.
- Arsenal-rs - Rusty Arsenal - A collection of experimental Process Injection and Post-Exploitation Techniques in Rust.
- Bin Finder - Detect EDR's exceptions by inspecting processes' loaded modules.
- Bore - bore is a simple CLI tool for making tunnels to localhost.
- Cerbero - Kerberos protocol attacker.
- Crabby - WebShell for Red Teams, just easily.
- CustomEntryPoint - Select any exported function in a dll as the new dll's entry point.
- DInvoke_rs - Dynamically invoke arbitrary unmanaged code.
- Dog - A command-line DNS client written in rust. Dig alternative.
- Dumpy - Reuse open handles to dynamically dump LSASS.
- Eagle-rs - Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle).
- EPI - Threadless Process Injection through entry point hijacking.
- Feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
- Fiber - Using fibers to run in-memory code.
- Findomain - The fastest and complete solution for domain recognition. Supports screenshotting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.
- Freeze.rs - Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes and direct syscalls, written in Rust.
- GhostDriver - GhostDriver is a Rust-built AV killer tool using BYOVD.
- Goblin - An impish, cross-platform binary parsing crate, written in Rust.
- Haylxon - Blazing-fast tool to grab screenshots of your domain list right from terminal.
- Hrekt - A really fast http prober.
- Illusion-rs - Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion).
- IronRDP - Rust implementation of the Microsoft Remote Desktop Protocol (RDP).
- Legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator.
- Lorsrf - Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.
- Matrix-rs - Rusty Hypervisor - Windows Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
- Moonwalk Back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
- Noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
- NovaLdr - Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre).
- Offensive Rust - A collection of offensive security tools written in Rust.
- OffensiveRust - Rust Weaponization for Red Team Engagements.
- Osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys.
- Ppfuzz - A fast tool to scan client-side prototype pollution vulnerability written in Rust.
- Pyscan - Python dependency vulnerability scanner, written in Rust.
- Qscan - Quick network scanner library.
- Redlotus-rs - Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus).
- Ripgen - Rust-based high performance domain permutation generator.
- Ripgrep - Ripgrep recursively searches directories for a regex pattern while respecting your gitignore.
- Rust for Malware Development - Rust for malware development and for low-level stuff.
- Rust Syscall - Single stub direct and indirect syscalling with runtime SSN resolving for windows.
- RustChain - Hide memory artifacts using ROP and hardware breakpoints.
- RustHollow - Inject a shellcode in a remote process using Process Hollowing.
- RustHound - Active Directory data collector for BloodHound written in Rust.
- Rustic64 - 64-bit, position-independent shellcode template for Windows in Rust.
- Rustic64Shell - 64-bit, position-independent reverse tcp shell, built in Rust for Windows.
- RustiveDump - LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.
- RustPacker - Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.
- RustRedOps - RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language.
- RustScan - The Modern Port Scanner.
- Rusty Hog - A suite of secret scanners built in Rust for performance. Based on TruffleHog.
- RustVEHSyscalls - Rust port of LayeredSyscall, designed to perform indirect syscalls while generating legitimate API call stack frames by abusing Vectored Exception Handling (VEH) to bypass user-land EDR hooks in Windows.
- Scrying - A tool for collecting RDP, web and VNC screenshots all in one place.
- Shelter - ROP-based sleep obfuscation to evade memory scanners.
- Skanuvaty - Dangerously fast DNS/network/port scanner
- Sniffglue - Secure multithreaded packet sniffer.
- Split - Apply a divide and conquer approach to bypass EDRs.
- Unwinder - Call stack spoofing for Rust.
- Venom-rs - Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom).
- WStunnel - Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available.
- X8 - Hidden parameters discovery suite
- LibAFL - Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
- Litcrypt - A Rust compiler plugin to encrypt string literals at compile time.
Found an awesome package, article, blog, video etc.? Send me a pull request! Just follow the guidelines. Thank you!