2789 Open source projects that are alternatives of or similar to A Red Teamer Diaries

retrieve information via O365 with a valid cred

BruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack

Official Black Hat Arsenal Security Tools Repository

swiss army knife for hackers

Awesome Vulnerable Applications

An automated e-mail OSINT tool

Rockyou for web fuzzing

CTF竞赛权威指南

红队作战中比较常遇到的一些重点系统漏洞整理。

MS17-010: Python and Meterpreter

Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Fast Modular Web Interfaces Bruteforcer

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Git All the Payloads! A collection of web attack payloads.

Automated Adversary Emulation Platform

Rubyfu, where Ruby goes evil!

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

My own OSCP guide

BlackRAT - Java Based Remote Administrator Tool

The Lost Nintendo DS Television Output, brought back to life

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

👨‍💻 Impress your friends by pretending to be a real hacker

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

漏洞利用框架模块分享仓库

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

🎯 XML External Entity (XXE) Injection Payload List

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

A simple dns resolver of dns-record and web-record log server for pentesting

Web Application Security Scanner Framework

Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation

Drupal < 7.58 - Drupalgeddon 3 Authenticated Remote Code Execution (Metasploit)

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

安全、可靠、简单、免费的企业级蜜罐

Extraction of iMessage Data via XSS

Enumerate AD through LDAP with a collection of helpfull scripts being bundled

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

🐱‍💻 Tiny Tiny Hacks we use in our daily life.

A python based tool for exploiting and managing Android devices via ADB

Enine boyuna siber güvenlik

DoS PoC's for SAP products

web scanner - exploitation - information gathering

Proof of concept of VMSA-2017-0012

Tool Information Gathering Write By Python.

Source code for Hacker101.com - a free online web and mobile security class.

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

GoPhish Templates that I have retired and/or templates I've recreated.

REST API backend for Reconmap

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

Metasploit framework with steroids