We have a big community out there on GitHub, which is creating a lot of PowerShell automation modules, but also many pentesting frameworks. In this context, we very often use the specifications red teams and blue teams. Red teams consist of attackers, who try to find and make use of weaknesses in the environment. There is, though, a small difference between pentesters and red teams, as pentesters try to find as many vulnerabilities as possible in a specified time frame. To accomplish this, they use automated tools to retrieve information and find vulnerabilities. As these attacks are very often distributed from external partners, they also don't have any problem alerting the blue teams by any means, as long as this does not hinder them in finding further vulnerabilities. Red teams, in comparison, run real world adversaries and are just focused on retrieving their goal, which in most cases lies in capturing domain admin rights. 

They may use custom malware and tools and always try to be as stealthy as possible. There are companies out there providing pentesting services that are highly specialized. These pentesters have now started to share their materials, knowledge, and tools on blogs and on GitHub. Many people think that the code quality of these specific pentesting frameworks is bad or not professional. In fact though, these created pentesting frameworks are very often very well commented, structured, and coded with a professionality that you might find very rarely, even in an enterprise. They now start to work together on these frameworks, extending these on all the various ends and adding a lot of automation to them. This results in frameworks that can easily be used by almost every person. 

Blue teams, in comparison, are mostly the people on the defensive lines. It is probably much more challenging to defend against all attacks than it is to find only one weakness and make use of it. Unfortunately, it seems to be much more fun to be on the red side, as these also frequently win. Red teamers are also very often hired to accomplish both tasks, as they know where to search for the weaknesses and how these could probably be prevented or detected.