RedGhost : Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance & Leaving No Trace

RedGhost is a Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.

  • Payloads

Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl

  • SudoInject

Function to inject sudo command with wrapper function to run a reverse root shell everytime “sudo” is run for privilege escalataion

  • lsInject

Function to inject the “ls” command with a wrapper function to run payload everytime “ls” is run for persistence

  • Crontab

Function to create cron job that downloads payload from remote server and runs payload every minute for persistence

  • GetRoot

Function to try various methods to escalate privileges

  • Clearlogs

Function to clear logs and make investigation with forensics difficult

  • MassInfoGrab

Function to grab mass reconaissance/information on system

  • CheckVM

Function to check if the system is a virtual machine

  • MemoryExec

Function to execute remote bash script in memory

  • BanIp

Function to BanIp using iptables

Also Read – Ghostfuscator : The Python Password-Protected Obfuscator

Installation

one liner to install RedGhost:

wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; ./redghost.sh

One liner to install prerequisites and RedGhost:

wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; apt-get install dialog; apt-get install gcc; apt-get install iptables; ./redghost.sh

Prerequisites

  • Dialog
  • GCC
  • IPtables
R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

2 days ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

2 days ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

2 days ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

2 days ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

2 days ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

2 days ago