Security Onion
Blue team platform
Security Onion is an integrated blue-team platform combining network visibility, host visibility, log collection, detections, and analyst workflows. It is excellent for labs, training, and operational SOC-style deployments.
$ so-setup
Metasploit Framework
Security testing framework (dual-use)
Metasploit Framework is a widely used security testing and validation framework that defenders study in authorized labs to understand exploit mechanics, detection opportunities, and control effectiveness.
$ msfconsole --help
CrackMapExec
Windows/AD assessment automation (dual-use)
CrackMapExec is an automation framework used in authorized Windows/AD security testing and labs to validate exposure, credentials, and defensive detections across enterprise protocols.
$ crackmapexec --help
Armitage
Legacy Metasploit GUI / collaboration
Armitage is a legacy GUI/team collaboration interface for Metasploit, useful mainly as historical training context for understanding earlier offensive workflow orchestration and why modern teams emphasize controlled, auditable testing.
$ armitage --help
BloodHound
AD graph analysis / privilege path mapping
BloodHound is a graph analysis platform used in labs and authorized AD security reviews to understand privilege relationships, attack paths, and defensive hardening priorities in Windows environments.
$ bloodhound --help
mitm6
IPv6/AD lab attack simulation (dual-use)
mitm6 is a specialized IPv6/AD attack simulation tool used in authorized labs and purple-team exercises to teach defenders how IPv6/NTLM relay paths can be abused and how to harden and detect them.
$ mitm6 -h
SharpHound
AD data collection for BloodHound (dual-use)
SharpHound collects Active Directory relationship data for BloodHound analysis and is studied by defenders in authorized labs to understand what AD data enables privilege-path mapping and how to detect and harden against misuse.
$ SharpHound.exe --help # Windows lab example
Evil-WinRM
WinRM client / Windows admin and lab simulation (dual-use)
Evil-WinRM is a WinRM client tool widely used in labs and authorized Windows security testing; defenders study it to understand WinRM abuse paths, logging, and hardening requirements.
$ evil-winrm -h
PingCastle
AD security posture assessment
PingCastle is an Active Directory security assessment tool used by defenders to review AD security posture, identify common risks, and prioritize hardening actions in Windows environments.
$ PingCastle.exe --help # Windows lab example