1044 Open source projects that are alternatives of or similar to 1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Overlord - Red Teaming Infrastructure Automation

🌒 Shell command obfuscation to avoid detection systems

Multi OTP Spam Amp/Paralell threads

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

cobaltstrike ms17-010 module and some other

A tool to automate penetration tests

E-mails, subdomains and names Harvester - OSINT

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Offensive Reverse Shell (Cheat Sheet)

Web Recon & Exploitation Tool.

一款适用于红蓝对抗中的仿真钓鱼系统

Subdomain enumeration through various techniques

Awesome cloud enumerator

Extract subdomains from SSL certificates in HTTPS sites.

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Automate Pentest Tool

Open Redirect Payloads

红蓝对抗跨平台远控工具

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

linux-kernel-exploits Linux平台提权漏洞集合

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Fast directory scanning and scraping tool

This powershell script has got to run in remote hacked windows host, even for pivoting

Pentesting/Bugbounty Dockerfiles.

Misc. Public Reports of Penetration Testing and Security Audits.

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

Yet Another PHP Shell - The most complete PHP reverse shell

Search for Unix binaries that can be exploited to bypass system security restrictions.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

This repository contains full code examples from the book Gray Hat C#

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

Hacking Toolkit

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

👻Impost3r -- A linux password thief

Hershell is a simple TCP reverse shell written in Go.

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

C2/post-exploitation framework

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

红队综合渗透框架

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

MSDAT: Microsoft SQL Database Attacking Tool

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

👻Stowaway -- Multi-hop Proxy Tool for pentesters

hydra

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.