A comprehensive collection of cybersecurity automation tools, scripts, and configurations for penetration testing, infrastructure management, and security operations.
This toolkit is designed for authorized security testing and educational purposes only.
- Ensure you have proper written authorization before using these tools
- Unauthorized access to computer systems is illegal
- Use responsibly and in compliance with applicable laws and regulations
- The authors are not responsible for misuse of these tools
- Overview
- Directory Structure
- Installation
- Quick Start
- Tool Categories
- Security Considerations
- Contributing
- License
This repository contains a curated collection of security automation tools organized into logical categories:
- Build Automation: CI/CD and infrastructure deployment scripts
- Configuration Management: Docker, web server, and system configurations
- Network Tools: Connection utilities and network automation
- Security Testing: Penetration testing and vulnerability assessment tools
- System Administration: Fresh installations, maintenance, and modification scripts
- Data Processing: Generators, preprocessors, and analysis tools
├── builders/        # Build automation and CI/CD scripts
│   ├── snippets/    # Reusable code snippets and classes
│   └── *.sh         # Build and deployment scripts
├── configs/         # Configuration files and templates
│   ├── docker/      # Docker configurations and compose files
│   ├── web/         # Web server configurations
│   └── windows/     # Windows-specific configurations
├── connectors/      # Database and network connection utilities
├── engagers/        # Security testing and engagement tools
├── fresh/           # Fresh system installation scripts
├── functions/       # Utility functions and pipes
├── generators/      # Data and credential generators
├── maintainers/     # System maintenance scripts
├── modifiers/       # System modification tools
├── preppers/        # Data preparation and preprocessing tools
├── random/          # Miscellaneous utilities
└── tools/           # Specialized security and analysis tools
- Python 3.8+ with pip
- Bash shell (Linux/macOS/WSL)
- Docker (for containerized tools)
- Git for repository management
- Clone the repository:
git clone <repository-url>
cd security-automation-toolkit
- Install Python dependencies:
# Create virtual environment (recommended)
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
# Install common dependencies
pip install -r requirements.txt
- Make scripts executable:
find . -name "*.sh" -type f -exec chmod +x {} \;
- Install system dependencies (Ubuntu/Debian):
sudo apt update
sudo apt install -y curl wget git docker.io docker-compose
Some tools require additional setup. See individual tool documentation for details.
# Generate a secure password
python3 generators/pass-gen.py
# Get system information using SecureExecutionEnvironment
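python3 -c "
import importlib
# The module file name contains a hyphen, so a plain import statement cannot load it
SecureExecutionEnvironment = importlib.import_module('builders.snippets.py.class-SecureExecutionEnvironment').SecureExecutionEnvironment
executor = SecureExecutionEnvironment(['uname', '-a'])
executor.start()
executor.wait_for_completion()
print(executor.get_output()['stdout'])
"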
# Set up a fresh Kali Linux environment
sudo ./fresh/fresh-kali.sh
# Build a custom Docker environment
./builders/build-automation.sh
Automation scripts for building and deploying infrastructure:
- build-automation.sh: Gitea and Drone CI installation with SSL
- build-flask.sh: Flask application deployment
- build-llm.sh: Large Language Model setup
- snippets/: Reusable Python classes and utilities
Configuration files and templates:
- Docker: Compose files for various services (BloodHound, CTI, etc.)
- Web: Server configurations and attack frameworks
- Windows: PowerShell scripts for AD, taskbar, wallpaper management
Network and database connection utilities:
- connect-db.py: Database connection management
- openconnect.sh: VPN connection automation
Security testing and engagement tools:
- attck.py: MITRE ATT&CK TTP execution framework
- nmap-init.py: Network scanning automation
- ransim.py: Ransomware simulation for testing
Fresh system installation and setup scripts:
- fresh-kali.sh: Complete Kali Linux setup with tools
- fresh-btpi.sh: Blue Team Platform initialization
- fresh-rtpi.sh: Red Team Platform initialization
Specialized security and analysis tools:
- ntlm_spray_pass.py: NTLM password spraying tool
- migrate-connect.py: Database migration utilities
- preprocess_pdfs.py: PDF processing for data extraction
- Authorization: Always obtain written authorization before testing
- Isolation: Use isolated environments for testing
- Logging: Enable comprehensive logging for all activities
- Rate Limiting: Implement delays to prevent service disruption
- Cleanup: Remove test artifacts after completion
- Password Tools: Use secure random generation
- Network Tools: Implement connection timeouts and error handling
- Execution Tools: Validate inputs and sanitize commands
- Docker Tools: Use non-root users and security contexts
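A sketch of what the "Execution Tools" and logging guidance above can look like in practice, as an added example that is not this repository's code. The names `ALLOWED_BINARIES`, `CommandRejected`, `validate_argv` and `run_validated` are hypothetical, and the allowlist contents are constructed for the demonstration.

```python
import logging
import shutil
import subprocess
from typing import Dict, List

log = logging.getLogger("exec-audit")
# Hypothetical allowlist for this example; a real deployment would define its own.
ALLOWED_BINARIES = {"echo", "uname", "sleep"}


class CommandRejected(ValueError):
    """Raised when a command fails validation before anything is executed."""


def validate_argv(argv: List[str]) -> List[str]:
    """Return argv with argv[0] resolved to an absolute path, or raise."""
    if not isinstance(argv, list) or not argv or not all(isinstance(a, str) for a in argv):
        raise CommandRejected("argv must be a non-empty list of strings")
    if any("\x00" in a for a in argv):
        raise CommandRejected("NUL byte in argument")
    if argv[0] not in ALLOWED_BINARIES:  # bare names only, so path tricks are refused
        raise CommandRejected(f"binary not allowlisted: {argv[0]!r}")
    resolved = shutil.which(argv[0])
    if resolved is None:
        raise CommandRejected(f"binary not found on PATH: {argv[0]!r}")
    return [resolved, *argv[1:]]


def run_validated(argv: List[str], timeout: float = 10.0) -> Dict[str, object]:
    """Run argv without a shell, bounded by timeout, and log the outcome."""
    cmd = validate_argv(argv)
    try:
        proc = subprocess.run(cmd, shell=False, capture_output=True,
                              text=True, timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        log.warning("timeout after %.1fs: %r", timeout, cmd)
        return {"status": "timeout", "returncode": None, "stdout": "", "stderr": ""}
    log.info("exit=%d cmd=%r", proc.returncode, cmd)
    status = "completed" if proc.returncode == 0 else "failed"
    return {"status": status, "returncode": proc.returncode,
            "stdout": proc.stdout, "stderr": proc.stderr}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed input: the metacharacters stay literal because no shell parses them.
    print(run_validated(["echo", "report.txt; id"]))
```

Passing an argument list with `shell=False` is what keeps `;`, `|` and `$()` inert; the allowlist and timeout then bound which programs run and for how long.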
Ensure compliance with:
- Local and international laws
- Organizational policies
- Industry regulations (GDPR, HIPAA, etc.)
- Ethical hacking guidelines
Each tool includes comprehensive documentation:
- Purpose and functionality
- Installation requirements
- Usage examples
- Security considerations
- Troubleshooting guides
# Example: NTLM Password Spray
python3 tools/py/ntlm_spray_pass.py \
--domain example.com \
--users userlist.txt \
--password "Password123" \
--target https://target.example.com/ \
--delay 2 \
--verbose
# Example: Secure Command Execution
python3 -c "
import importlib
# The module file name contains a hyphen, so a plain import statement cannot load it
SecureExecutionEnvironment = importlib.import_module('builders.snippets.py.class-SecureExecutionEnvironment').SecureExecutionEnvironment
executor = SecureExecutionEnvironment(['ls', '-la'], timeout=10)
executor.start()
if executor.wait_for_completion(timeout=15):
    result = executor.get_output()
    print(f'Status: {executor.get_status()}')
    print(f'Output: {result[\"stdout\"]}')
"
We welcome contributions! Please follow these guidelines:
- Fork the repository
- Create a feature branch
- Follow coding standards
- Add comprehensive documentation
- Include security considerations
- Test thoroughly
- Python: Follow PEP 8, use type hints, include docstrings
- Bash: Use proper error handling, quote variables, check exit codes
- Documentation: Include purpose, parameters, examples, and security notes
- Security: Validate inputs, handle errors, log activities
- Update documentation
- Add/update tests
- Ensure security review
- Update CHANGELOG.md
- Request review from maintainers
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: Check individual tool documentation
- Issues: Create GitHub issues for bugs or feature requests
- Security: Report security issues privately to maintainers
- Permission Denied: Ensure scripts are executable (chmod +x)
- Missing Dependencies: Install required packages and Python modules
- Network Issues: Check firewall settings and network connectivity
- Docker Issues: Ensure Docker daemon is running and user has permissions
- File Consolidation: Removed redundant files and consolidated functionality
- Shared Functions Library: Created unified installation and utility functions
- Enhanced Tools: Upgraded basic tools with advanced features and security
- Improved Organization: Better file structure and logical grouping
- Security Enhancements: Replaced dangerous exec() calls with secure alternatives
- Comprehensive Documentation: Complete documentation for all tools and processes
- Error Handling: Added proper exception handling and logging throughout
- Type Safety: Added type hints and validation to Python code
- Security Enhancements: Replaced dangerous exec() calls with secure alternatives
- Improved Documentation: Comprehensive documentation for all tools
- Error Handling: Added proper exception handling and logging
- Type Safety: Added type hints and validation
- Threading Support: Fixed missing imports and improved thread safety
- Initial release with basic functionality
- Core tools and scripts
- Basic documentation
cybersecurity
penetration-testing
automation
security-tools
red-team
blue-team
docker
python
bash
ntlm
mitre-attack
infrastructure
ci-cd
Remember: With great power comes great responsibility. Use these tools ethically and legally.