2789 Open source projects that are alternatives of or similar to A Red Teamer Diaries

Advanced and easy to use penetration testing framework 💣🔎

BruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack

Automated Adversary Emulation Platform

Rubyfu, where Ruby goes evil!

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Adds a customizable "Send to..."-context-menu to your BurpSuite.

👨‍💻 Impress your friends by pretending to be a real hacker

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Tool Information Gathering Write By Python.

Extraction of iMessage Data via XSS

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

Enumerate AD through LDAP with a collection of helpfull scripts being bundled

Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation

The ultimate WinRM shell for hacking/pentesting

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

This repo will contain some basic pentest/RT commands.

rsGen is a Reverse Shell Payload Generator for hacking.

Brahma - Privilege elevation exploit for Nintendo 3DS

Monitoring GitHub for sensitive data shared publicly

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

A MongoDB importer and API for Project Sonars DNS datasets

Auto IP or Domain Attack Tool ( #1 )

JSshell - JavaScript reverse/remote shell

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

DoS PoC's for SAP products

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

RubberDucky like payloads for DigiSpark Attiny85

Drupal < 7.58 - Drupalgeddon 3 Authenticated Remote Code Execution (Metasploit)

Proof of concept of VMSA-2017-0012

Metasploit framework with steroids

GoPhish Templates that I have retired and/or templates I've recreated.

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

A tool to fastly get all javascript sources/files

Unsigned code loader for Exynos BootROM

An automated e-mail OSINT tool

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

ANDRAX The first and unique Penetration Testing platform for Android smartphones

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Some of my public exploits

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

A collection of links related to Linux kernel security and exploitation

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

🙃 Reverse Shell Cheat Sheet 🙃

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

REST API backend for Reconmap

recon-ng modules for Censys