RedGhost – Linux post exploitation framework


Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.

Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl

Function to inject sudo command with wrapper function to run a reverse root shell everytime “sudo” is run for privilege escalataion

  • lsInject

Function to inject the “ls” command with a wrapper function to run payload everytime “ls” is run for persistence

  • SSHKeyInject

Function to log keystrokes of a ssh process using strace

  • Crontab

Function to create cron job that downloads payload from remote server and runs payload every minute for persistence

  • SysTimer

Function to create systemd timer that downloads and executes payload every 30 seconds for persistence.

  • GetRoot

Function to try various methods to escalate privileges

  • Clearlogs

Function to clear logs and make investigation with forensics difficult

  • MassInfoGrab

Function to grab mass reconaissance/information on system

  • CheckVM

Function to check if the system is a virtual machine

  • MemoryExec

Function to execute remote bash script in memory

  • BanIp

Function to BanIp using iptables


one liner to install RedGhost:

wget; chmod +x; ./

One liner to install prerequisites and RedGhost:

wget; chmod +x; apt-get install dialog; apt-get install gcc; apt-get install iptables; apt-get install strace; ./


dialog, gcc, iptables, strace

Download RedGhost

ORY Hydra – OpenID Certified OAuth 2.0 Server and OpenID Connect Provider

Previous article

PasswordDump2ELK – Dump password ELK

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *

More in GNU/Linux