Commonly used tools for Red Teaming Engagements, Physical Security Assessments, and Tactical Covert Entry.
In this list I share most of the tools I use in authorized engagements, along with my personal ranking of their value based on how often I use them, so you can consider whether they belong in your toolkit. I also include where to find some of them and, in some cases, alternatives. My goal is to give fellow Red Teamers a 'checklist' to use as a reference whenever they might be missing a tool.
Tool | Purpose | Usage | Where to find | Alternative |
---|---|---|---|---|
1. Camera with high zoom | Reconnaissance. When gathering intel on your target, and for reporting purposes for your client, you will want to use a reliable camera. With a long zoom camera, you may be able to check for cameras surrounding the building of your target, spot the location of security guards, and possibly gather info on the locks and perimeter, reducing the odds of being detected. | 7/10 | Recommended: Panasonic Lumix FZ-80 60x Camera | Alternative: If not the Panasonic, you can use others. There are many other good cameras on the market. Try to get one with a decent zoom; any camera with over 30x Optical Zoom should work just fine. |
1.1 Polarized Camera Filters | Reconnaissance. These are a camera's best friend when doing recon. A polarized filter helps remove glare and reflection from things in view, such as windows or vehicle windshields, allowing the camera to see clearly through them. | 10/10 | Recommended: Any polarized filter that fits the lens of your camera. | Alternatives: N/A. |
2. Body Worn Action Camera | Reconnaissance, as well as for your own security in case something happens to you. With all engagements, you need to report everything to your clients. This is where the bodycam helps, by letting you view and replay the engagement and infiltration, as well as allowing you to demonstrate to your clients how the infiltration was performed. | 10/10 | Recommended: GoPro cameras or the DJI Osmo Action camera | Alternatives: There are other cheaper alternative action cameras that can be used; however, the videos may not have the highest quality or best image stabilization, which can make the footage seem wobbly or too dark. |
3. Drone with Camera | Mostly reconnaissance. It can be used for scoping the perimeter of a building, seeing its surrounding area, and checking for cameras, blind spots, and possible fire escape areas that could potentially be used as an entry point. | 1/10 - It's not a "must have", but can really come in handy sometimes. It may be of further use if you utilize a "dropping mechanism" to drop malicious USBs or other devices into the target's premises without having to set foot on site. | Recommended: DJI Mavic Mini 2 or any other drone that fits your budget. | N/A |
4. Two-Way Radios or Walkie Talkies | Communication and Intel Gathering. You need to be able to communicate efficiently with other members of your team when performing an engagement, plus a radio gives you the possibility of listening in on any channels being used by staff or security on the premises, and listening for any valuable information or whether any of your team members has been spotted. | 9/10 | Recommended: BaoFeng UV-5R | Alternatives would be to just use cellphones, Bluetooth headsets, and a live call; however, with this option you will not be able to listen to local radio chatter. A cell phone serves the purpose of being able to communicate with the client in case of emergency. |
5. Reliable flashlight | Self explanatory. | 8/10 | Amazon, eBay, local hardware store | If you want to save some money, you can always use the flashlight of your cellphone; however, some phones can't decrease the brightness intensity. |
6. Borescope / Endoscope | To perform reconnaissance from under or over the door, take a peek inside and see what is on the other side of the door. It helps to prevent spending time trying to open a door which has nothing important on the other side, or to check for any security measures in place, and avoid tripping any of them by accident. | 7/10 | Recommended: USB Endoscope Camera | There are a few other alternatives, varying in price, size, and connectivity. |
7. RFID Frequency Detector | This tool is utilized for recon, to determine the frequency of RFID badge readers and what your target is using. Knowing whether it's high or low frequency can help you configure your Proxmark to scan and clone badges. Another benefit of these tools is that they do not trigger any alerts. | 6/10 | Recommended: One good benefit of the Dangerous Things RFID Diagnostics Card is that it's the size of a credit card, so it fits perfectly in your wallet for EDC use. | Alternative: The RFID LF / HF Detector can be used as a keychain. |
8. A reliable screwdriver with changeable bits | In some scenarios you may need to modify some of your tools, fix something, or disassemble something. | 8/10 | Recommended: Wera Kraftform | Alternative: Any other screwdriver set will work just fine. Ideally a kit that is portable and has different bits. |
9. A reliable plier multitool | Same as with the screwdriver set, in some scenarios you may need to modify a tool or fix something. | 8/10 | Recommended: Gerber Plier Multitool | Alternatives: any reliable multitool of your preference |
10. Gaffer Tape | Self explanatory. You never know when you need to modify a tool on the spot. | 8/10 | Recommended because of its portability: Red Team Tools Gaffer Tape | Alternatives: There are many other options on Amazon, but they are all larger in size. |
11. A reliable 0.025 thin lockpick set | Self explanatory. Can't pick locks without a lockpick set. | 10/10 | Recommended to get a well known brand with good reputation and quality products. Some of those are: TOOOL, Sparrows, Southord, Covert Instruments | N/A. You do not want a pick breaking inside of a client's lock. Avoid sets that are of unknown brands from eBay. |
12. A reliable 0.018 thin lockpick set | This is very similar to the 0.025 set, but you may also want to carry a thinner 0.018 or 0.015 thin lockpick set for locks that have very narrow or thinner keyways, so that you are able to insert the picks. | 8/10 | Recommended to get a well known brand with good reputation and quality products. Some of those are: TOOOL, Sparrows, Southord, Covert Instruments | N/A. |
13. Tension bars | One of the most important things for a lockpicker. A good picker knows the value of using good and comfortable tension bars. | 10/10 | Recommended: Covert Instruments Ergo Turner Set or Sparrows Flatbars | There are many other alternatives, varying in sizes and lengths. I strongly recommend having them in varying widths. |
14. Warded picks | These are used for picking warded locks. | 5/10 | Recommended: Red Team Tools Warded Lock Picks | Alternative: Sparrows Warded Pick Set |
15. Comb picks | These are very useful to open many different Master Locks, as if you were using the key itself. | 5/10 | Recommended: Sparrows Comb .45 | Alternative options: Red Team Tools Comb Picks and the Covert Instruments Quad Comb Set |
16. Wafer picks | Self explanatory. These are commonly used to pick or rake open wafer locks, which are often seen in office environments. | 6/10 | Recommended: Red Team Tools Wafer Picks | Alternatives: Sparrows Wafer Picks |
17. Jigglers | Self explanatory. Jigglers can be used to "jiggle" your way into opening a variety of pin tumblers and wafer locks. | 6/10 | Recommended: Red Team Tools Jiggler | Alternatives: Sparrows Coffin Keys |
18. Dimple lockpicks | Self explanatory. For picking Dimple locks. | 5/10 | Recommended: Sparrows Black Flag | Alternatives: There are other cheaper lower quality brands that can get the job done. Search online for 'klom' or 'goso' dimple picks. |
19. Tubular lockpicks | Self explanatory. It's for picking tubular locks. | 4/10 | Recommended: Red Team Tools Tubular Lockpick | Alternative: If you are very skilled at picking, you can go the manual route of tensioning and single pin picking, but it will take a lot longer to open the lock. With the Sparrows Goat Wrench you are able to do so. |
20. Disk Pick | Self explanatory. For picking disk locks. | 4/10 | Recommended: Sparrows Disk Pick | N/A |
21. Lock Lubricant | Sometimes you will encounter locks that are a bit difficult to manipulate due to weather and age. Nothing some lock lube couldn't help with. | 9/10 | Some powdered graphite gets the job done. | N/A |
22. Plug spinner | This is used in those scenarios where you pick open a lock, but needed to spin the core in the opposite direction. This avoids having to pick the lock all over again. | 4/10 | You can find a plug spinner at Red Team Tools Plug Spinner | There are other alternatives from some other brands, which you can find with a few online searches. |
23. Hinge Pin Removal Tool | Well, with some locks it's just easier to remove the door. | 3/10 | Recommended: Red Team Tools Hammerless Hinge Pin Tool | Here are some other alternatives: Covert Instruments Hinge Pin Removal Tools |
24. PadLock Shims | Used for shimming padlocks. | 6/10 | Recommended: Red Team Tools Padlock Shims 5-Pack | Alternative: Sparrows padlock shims 20-pack |
25. Combination lock decoders | These are used for decoding combination locks. | 7/10 | Recommended: Covert Instruments Decoder Bundle | Alternative: Sparrows Ultra Decoder |
26. Commercial door hook or Adams Rite | These tools are used to bypass commercial door locks. | 4/10 | Recommended: Covert Instruments Commercial Door Hook | Alternative: Red Team Tools Adams Rite or the Sparrows Adams Rite Tool |
27. Lishi Picks | IYKYK. | 10/10 | N/A | N/A |
28. American Lock Bypass Driver | Self explanatory. For Bypassing American Padlocks. | 4/10 | Recommended: Red Team Tools American Lock Bypass | N/A |
29. Abus Lock Bypass Driver | Self explanatory. For Bypassing Abus Padlocks. | 4/10 | Recommended: Sparrows Abus Lock Bypass | N/A |
30. Alfa AWUS036ACS 802.11ac | One of the smallest USB wifi adapters which allows packet injection. | 10/10 | Recommended: Alfa AWUS036ACS | N/A |
41. CANtenna | Antenna made out of cans for long range WiFi hacking. | 3/10 | N/A | Yagi Antennas also work the same way. |
31. Travelers hook | These handy tools are used to manipulate the latches of improperly installed locks on doors. | 10/10 | Both Red Team Tools Travelers Hook and Covert Instruments Travelers Hook have it available. | N/A |
32. Under Door Tool "UDT" | One of the best tools for quick covert entry. This is used by slipping it under the door, and pulling down on the locked lever from the inside and opening the door. | 10/10 | Recommended: Sparrows UDT | Alternative: Red Team Tools UDT |
33. Camera film | Sometimes you don't have enough gap under the door to use a UDT, but you have enough gap over the door. | 10/10 | Recommended: Red Team Tools Film Canister | N/A |
34. Loider tool | This is similar to the Traveler's Hook tool, but will usually fit in more narrow gaps. | 10/10 | Recommended: Sparrows Quick Jim | Alternative: Red Team Tools Rescue Jim |
35. Crash bar tool "DDT" | Self explanatory. Fire exits. Crash bar. You know. | 7/10 | Recommended: Sparrows DDT | Alternative: Serepick DDT |
36. Deadbolt Thumb Turn tool | Tool for turning thumb locks. | 7/10 | Recommended: Both Covert Instruments J tool and Red Team Tools have it available. | N/A |
37. Door Latch shims | Similar to the Travelers Hook, and the Jim, but for even narrower gaps. | 10/10 | Recommended: Red Team Tools Door Shims | Alternative: Covert Instruments Door Shims |
38. Strong Magnet | If you've seen the videos of LPL using magnets, you know what I'm talking about. | 6/10 | Recommended: Sparrows The Magneto | There are also the MagSwitches. A quick search online and you will find them. |
39. Bump Keys | Self explanatory. (I gave it a lower rating than others would, since bumping locks is very loud and I prefer picking) | 3/10 | Recommended: Sparrows Bump Keys | N/A |
40. Seattle RAT "SEA-RAT" | This is quite heavy, and intended for first responders, and used to break things, but the long blade works as a loider tool for those doors that have a large cover plate. | 8/10 | Recommended: Seattle Rapid Access Tool | Alternative: I've heard of the use of piano wire in these cases, but I have not used it myself. |
41. Air Wedge | It's used to help create gap space in door frames, for use with the Travelers hook. | 7/10 | Recommended: Covert Instruments Air Wedge | N/A |
42. Can of Compressed Air | Used to bypass 'Request To Exit' sensors | 10/10 | These can be picked up in many local places. | N/A |
43. Proxmark3 RDV4 | One of the best tools to clone and attack RFID. | 8/10 | Recommended: Red Team Tools Proxmark RDV4 | Alternative: Hacker Warehouse Proxmark3 RDV4 |
44. Devious, Troublesome, Hooligan! | This is a set of 'keyed alike' keys, which are used in many things that we encounter on a daily basis. | 10/10 | Recommended: Hooligan Keys - Devious, Troublesome, Hooligan! | N/A |
45. Alarm, Panel, other keys | Self explanatory. | 10/10 | Recommended: Ebay - PenTesting Keys | N/A |
46. Elevator Keys | Avoid these unless you know what you are doing. | 10/10 | Recommended: Sparrows Fire Service Elevator Key Set | N/A |
47. Rubber Ducky or Bash Bunny | These USB devices are used for keystroke injection and payload delivery. | 9/10 | Recommended: HAK5 USB Rubber Ducky and the HAK5 Bash Bunny | Alternatives: The Digispark. |
48. DigiSpark | It's a cheaper alternative to the Rubber Ducky or the Bash Bunny. | 9/10 | No recommended links at the moment, but often found on overseas online sellers. | N/A |
49. Lan Turtle | USB/Ethernet device used for stealth remote attacks. | 9/10 | HAK5 Lan Turtle | N/A |
50. Shark Jack | Found an Ethernet jack in the wall? Quick port scan? No problem. | 6/10 | Recommended: HAK5 Shark Jack | N/A |
51. Key Croc | One of the best keyloggers on the market. | 10/10 | Recommended: HAK5 Key Croc | N/A |
52. Wi-Fi Pineapple | Tool used for WiFi security assessments and attacks. | 10/10 | Recommended: HAK5 WiFi Pineapple | N/A |
53. O.MG Plug | USB implant for attacks over WiFi | 9/10 | Recommended: HAK5 O.MG Plug | N/A |
54. ESPKey | Used as an RFID implant, for RFID cloning and WiFi attacks. | 7/10 | Recommended: Red Team Tools ESPKey | N/A |
55. Pwnagotchi | Your EDC WiFi hacking friend. | 5/10 | Recommended to build. Pwnagotchi Website. | N/A |
56. Covert Belt | This is useful to conceal an extra lockpick set. | 6/10 | Recommended: Security Travel Money Belt | N/A |
57. Bogota LockPicks | Who hasn't heard of Bogota picks? | 10/10 | Recommended for EDC: Bogota PI | N/A |
58. Dog Tag Entry Tool set | EDC Bogota dog tag. | 1/10 | Recommended: Black Scout Survival Dog Tag | N/A |
59. Sparrows Wallet EDC Kit | This is a combination of multiple Sparrows EDC wallet items. | 4/10 | Recommended: Sparrows Chaos Card; Sparrows Chaos Card: Wary Edition; Sparrows Shimmy Card; Sparrows Flex Pass; Sparrows Orion Card | N/A |
60. Southord Jackknife | Keychain lockpick set. | 5/10 | Recommended: Southord Jackknife | Alternative: The Covert Instruments - Covert Companion |
61. Covert Companion | A comprehensive kit with multiple tools for multiple needs. | 10/10 | Recommended: Covert Instruments - Covert Companion | N/A |
62. Covert Companion Turning Tools | Great addition to your Covert Companion, so you do not have to carry or improvise with other tension wrenches. | 10/10 | Recommended: Covert Instruments - Turning Tools | N/A |