Commando VM 2.0, a new version of Windows-based security distribution released for penetration testing community
The current version of Commando VM 2.0 received major changes including, the fixes of 61 bugs and added 26 new tools with three major new features and more.
In order to install software, it uses Boxstarter, Chocolatey, and MyGet packages to install software and tools other utilities for red teamer and other pentesing community.
https://github.com/fireeye/commando-vm
It is recommended to install the Commando VM 2.0 in a virtual machine, for installation, it requires 60 GB of disk space, 2 GB memory, and the operating system should be Windows 7 Service Pack 1, or Windows 10
Installed Tools
Active Directory Tools
- Remote Server Administration Tools (RSAT)
- SQL Server Command Line Utilities
- Sysinternals
Command & Control
- Covenant
- WMImplant
- WMIOps
Developer Tools
- Dep
- Git
- Go
- Java
- Python 2
- Python 3 (default)
- Ruby
- Ruby Devkit
- Visual Studio 2017 Build Tools (Windows 10)
- Visual Studio Code
Docker
- Amass
- SpiderFoot
Evasion
- CheckPlease
- Demiguise
- DefenderCheck
- DotNetToJScript
- Invoke-CradleCrafter
- Invoke-DOSfuscation
- Invoke-Obfuscation
- Invoke-Phant0m
- Not PowerShell (nps)
- PS>Attack
- PSAmsi
- Pafishmacro
- PowerLessShell
- PowerShdll
- StarFighters
- SysWhispers
Exploitation
- ADAPE-Script
- API Monitor
- CrackMapExec
- CrackMapExecWin
- DAMP
- Dumpert
- EvilClippy
- Exchange-AD-Privesc
- FuzzySec’s PowerShell-Suite
- FuzzySec’s Sharp-Suite
- GadgetToJScript
- Generate-Macro
- GhostPack
- Rubeus
- SafetyKatz
- Seatbelt
- SharpDPAPI
- SharpDump
- SharpRoast
- SharpUp
- SharpWMI
- GoFetch
- Impacket
- Invoke-ACLPwn
- Invoke-DCOM
- Invoke-PSImage
- Invoke-PowerThIEf
- Juicy Potato
- Kali Binaries for Windows
- LuckyStrike
- MetaTwin
- Metasploit
- Mr. Unikod3r’s RedTeamPowershellScripts
- NetshHelperBeacon
- Nishang
- Orca
- PSBits
- PSReflect
- PowerLurk
- PowerPriv
- PowerSploit
- PowerUpSQL
- PrivExchange
- RottenPotatoNG
- Ruler
- SharpClipHistory
- SharpExchangePriv
- SharpExec
- SpoolSample
- SharpSploit
- ThreadContinue
- TikiTorch
- UACME
- impacket-examples-windows
- vssown
- Vulcan
Information Gathering
- ADACLScanner
- ADExplorer
- ADOffline
- ADRecon
- BeRoot
- BloodHound
- BloodHound-Custom-Queries (Hausec)
- dnsrecon
- FOCA
- Get-ReconInfo
- GoBuster
- GoWitness
- Net-GPPPassword
- NetRipper
- Nmap
- PowerView
- Dev branch included
- Privesc (enjoiz)
- Recon-AD
- SharpHound
- SharpView
- SpoolerScanner
- Watson
Kali Linux
- kali-linux-default
- kali-linux-xfce
- VcXsrv
Networking Tools
- Citrix Receiver
- OpenVPN
- Powercat
- Proxycap
- PuTTY
- Telnet
- VMWare Horizon Client
- VMWare vSphere Client
- VNC-Viewer
- WinSCP
- Windump
- Wireshark
Password Attacks
- ASREPRoast
- CredNinja
- DomainPasswordSpray
- DSInternals
- Get-LAPSPasswords
- Hashcat
- Internal-Monologue
- Inveigh
- Invoke-TheHash
- KeeFarce
- KeeThief
- LAPSToolkit
- MailSniper
- Mimikatz
- Mimikittenz
- RiskySPN
- SessionGopher
Reverse Engineering
- DNSpy
- Flare-Floss
- ILSpy
- PEview
- Windbg
- x64dbg
Utilities
- 7zip
- Adobe Reader
- AutoIT
- Cmder
- CyberChef
- Explorer Suite
- Gimp
- Greenshot
- Hashcheck
- HeidiSQL
- Hexchat
- HTTP File Server (hfs)
- HxD
- Keepass
- MobaXterm
- Mozilla Thunderbird
- Neo4j Community Edition
- NirLauncher
- Notepad++
- Pidgin
- Process Hacker 2
- qBittorrent
- SQLite DB Browser
- Screentogif
- Shellcode Launcher
- SimpleDNSCrypt
- SQLite DB Browser
- Sublime Text 3
- Tor Browser
- TortoiseSVN
- VLC Media Player
- yEd Graph Tool
Vulnerability Analysis
- AD Control Paths
- Egress-Assess
- Grouper2
- NtdsAudit
- PwnedPasswordsNTLM
- zBang
Web Applications
- Burp Suite
- Fiddler
- Firefox
- OWASP Zap
- Subdomain-Bruteforce
- Wfuzz
Wordlists
- FuzzDB
- PayloadsAllTheThings
- SecLists
- Probable-Wordlists
- RobotsDisallowed
