# RTOScripts
A curated collection of small tools and helper scripts for red-team engagements. Use them standalone (not recommended, well-detected) or weave them into your own custom tool chain.
I used this repository as a playground for experimenting with obfuscation techniques and for generating labeled datasets for machine-learning tasks (mainly classification).
All content is PowerShell. A quick map of what’s inside with a few examples:
- Execution & exploits: `Exploit-EternalBlue.ps1`, `Exploit-JBoss.ps1`, `Exploit-Jenkins.ps1`, `Execute-Command-MSSQL.ps1`, `Download_Execute.ps1`, `DLLEnc.ps1`.
- Data exfiltration channels: `Exfil-Dns.ps1`, `Exfil-Http.ps1`, `Exfil-HTTPS.ps1`, `Exfil-Icmp.ps1`, `Exfil-Smtp.ps1`, `Exfil-Ftp.ps1`, `Do-Exfiltration.ps1`, `DNS_TXT_Pwnage.ps1`, `ExfilDataStreamDNS.ps1`, `ExfilEmail.ps1`.
- Credentials & browser artifacts: `Get-ClearTextPassword.ps1`, `Get-ChromeDump.ps1`, `Get-BrowserData.ps1`, `203_Helpers_Credential.ps1`, `308_Credential.ps1`.
- AD / Privilege / Lateral movement: `Get-AdminGroup.ps1`, `Get-DomainController.ps1`, `Enable-DuplicateToken.ps1`, `Add-ConstrainedDelegationBackdoor.ps1`.
- Persistence: `Add-Persistence.ps1`, `Add-RegBackdoor.ps1`, `Add-ScrnSaveBackdoor.ps1`, `Add-UserLogonScript.ps1`, `303_ScheduledTask.ps1`.
- Evasion / Defense bypass: `DisableDefender.ps1`, `Find-AVSignature.ps1`, `ExcludeProcess.ps1`, `ExcludeFolder.ps1`, `ExcludeFileExtension.ps1`.
- Discovery / situational awareness: `ComputerInfo.ps1`, `Get-ComputerDetails.ps1`, `Find-Fruit.ps1`, `GPSLocation.ps1`.
- Ecosystem helpers: `BloodHound.ps1`, `AzureHound.ps1`, `Create-Log4jPayload.ps1`, assorted `Helpers_*` utilities.
Tip: Many scripts are paired with helper modules (`000_Global.ps1`, `200_Helpers.ps1`, etc.) to keep primitives reusable.
This repo doubles as a dataset for obfuscation-detection research:
- Sources were taken as-is (full files) and also split into fixed-size chunks.
- Each sample was labeled as original or obfuscated (multiple reversible transforms were applied: identifier renaming, spacing/comment noise, string encodings, etc.).
- Various ML classifiers (n-gram/TF-IDF + linear models; transformer baselines on chunks) were trained and evaluated on the chunk-level obfuscated-vs-not task, with optional aggregation to file level.
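The pipeline above, as an added illustration (this is not code from this repository): constructed PowerShell snippets, fixed-size chunking, a char-3-gram naive Bayes classifier standing in for the n-gram/TF-IDF + linear models, and majority-vote aggregation to file level. The snippets, their labels, the chunk size of 40 characters and the n-gram length are all assumptions chosen for the example.

```python
from collections import Counter
import math

N = 3  # character n-gram length
# Constructed training rows (an assumption, not files from this repository); the
# obfuscated rows mimic the transforms named above: renamed identifiers, comment noise, split strings.
PLAIN = [
    "Get-ChildItem -Path $HOME -Recurse | Where-Object { $_.Length -gt 1MB }",
    "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5",
    "Invoke-WebRequest -Uri $url -OutFile $dest",
]
OBFUSCATED = [
    "${a1b2}=('Doc'+'uments');<#z#>Get-ChildItem<#k#> -Path ${a1b2} -Recurse",
    "${q9}=('CP'+'U');<#x#>Get-Process<#y#>|<#w#>Sort-Object<#v#> ${q9} -Descending",
    "${r3}=('http:'+'//'+'example.test');<#m#>Invoke-WebRequest<#n#> -Uri ${r3}",
]

def chunk(text, size=40):  # fixed-size character chunks; the last one may be shorter
    return [text[i:i + size] for i in range(0, len(text), size)]

def ngrams(text):
    return Counter(text[i:i + N] for i in range(len(text) - N + 1))

class NaiveBayes:
    """Multinomial naive Bayes over char n-grams with Laplace smoothing, a small
    stand-in for the n-gram/TF-IDF + linear models mentioned above."""
    def __init__(self, samples):  # samples: iterable of (text, label)
        self.docs, self.counts = Counter(), {}
        for text, label in samples:
            self.docs[label] += 1
            self.counts.setdefault(label, Counter()).update(ngrams(text))
        self.vocab = len(set().union(*self.counts.values()))

    def predict(self, text):
        ndocs, best = sum(self.docs.values()), None
        for label, c in self.counts.items():
            score = math.log(self.docs[label] / ndocs)  # class prior
            denom = sum(c.values()) + self.vocab          # smoothed total
            for g, k in ngrams(text).items():
                score += k * math.log((c[g] + 1) / denom)
            if best is None or score > best[0]:
                best = (score, label)
        return best[1]

def train():
    return NaiveBayes([(t, "plain") for t in PLAIN] + [(t, "obfuscated") for t in OBFUSCATED])

def classify_file(model, text, size=40):  # chunk labels, then majority vote per file
    votes = Counter(model.predict(ch) for ch in chunk(text, size))
    return votes.most_common(1)[0][0], dict(votes)
```

With a real corpus, swap the inline rows for the files and chunks of the dataset and keep held-out files for evaluation; the chunk-level vote counts returned by `classify_file` are the signal to inspect when a file is only partly obfuscated.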
MIT — see LICENSE.