1775 Open source projects that are alternatives of or similar to Aboutsecurity

Search for Unix binaries that can be exploited to bypass system security restrictions.

Hacker101 CTF Writeup

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

🎯 XML External Entity (XXE) Injection Payload List

Webshell Manager

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Network Pivoting Toolkit

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Quickly analyze and reverse engineer Android packages

scan for NTLM directories

Exfiltration based on custom X509 certificates

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Apache Solr Injection Research

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Penetration Testing notes, resources and scripts

Automated Red Team Infrastructure deployement using Docker

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…

Hershell is a simple TCP reverse shell written in Go.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Hacking Toolkit

Set of tools to audit SIP based VoIP Systems

by ex-googlers, for ex-googlers - a lookup table of similar tech & services

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

🎯 SQL Injection Payload List

A list of resources for those interested in getting started in bug bounties

My notebook for OSCP Lab

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

jSQL Injection is a Java application for automatic SQL database injection.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

做redteam时使用，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

Burp Bounty profiles compilation, feel free to contribute!

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Fast Modular Web Interfaces Bruteforcer

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

cve-2019-0604 SharePoint RCE exploit

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

红队作战中比较常遇到的一些重点系统漏洞整理。

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

The ultimate WinRM shell for hacking/pentesting

Scan for and exploit Consul agents

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Pop shells like a master.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️