Top 72 offensive-security open source projects

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Penetration testing utility, and antivirus assessment tool.

This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE.

A high performance offensive security tool for reconnaissance and vulnerability scanning

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Offensive tools as Dockerfiles. Lightweight & Ready to go

Roadmap for preparing for OSCP, anyone is free to use this, and also feedback and contributions are welcome

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Automated NoSQL database enumeration and web application exploitation tool.

Don't let buffer overflows overflow your mind

Red Teaming Tactics and Techniques

GUI based offensive penetration testing tool (Open Source)

Cross Origin Resource Sharing MisConfiguration Scanner

unix SSH post-exploitation 1337 tool

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

Collection of resources for my preparation to take the OSEE certification.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

The Collective. A repo for a collection of red-team projects found mostly on Github.

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

Work in progress...

Windows shellcode development in Rust

☠️ The Pathwar Project ☠️

⛔️ offsec batteries included

My OSCP journey

Offensive Terraform Website

A curated list of awesome OSCP resources

🆕 The Multi-Tool Web Vulnerability Scanner.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

C2/post-exploitation framework

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Modified template for the OSCP Exam and Labs. Used during my passing attempt

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

My own OSCP guide

network reconnaissance toolkit

swiss army knife for hackers

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Freedom Fighting Mode: open source hacking harness

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

Exploits and Security Tools Framework 2.0.1

🍪 Flask Session Cookie Decoder/Encoder

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Infosec resource center for offensive and defensive security operations.

Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).

EmpireCTF – write-ups, capture the flag, cybersecurity

This Script will help you to gather information about your victim or friend.

JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.

VBScript minifier

A collection of resources I'm using while working toward the OSCP

Automatic Reverse Shell Generator

Bifrost C2. Open-source post-exploitation using Discord API

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

PHP shells that work on Linux OS, macOS, and Windows OS.

A scapy based module for programming offensive and defensive networking tools easier than before.

WiFi Penetration Testing Guide