703 Open source projects that are alternatives of or similar to ADMMutate

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

my oscp prep collection

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Yet Another PHP Shell - The most complete PHP reverse shell

Advanced vulnerability scanning with Nmap NSE

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Self contained htaccess shells and attacks

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A collection of hacking / penetration testing resources to make you better!

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Quick SQL Scanner, Dorker, Webshell injector PHP

Multi source CVE/exploit parser.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Purelove is a lightweight penetration testing framework, in order to better security testers testing holes with use.

Metasploit framework with steroids

DoS PoC's for SAP products

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

ARM rop chain gadget searcher

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

Hourly updated database of exploit and exploitation reports

Brahma - Privilege elevation exploit for Nintendo 3DS

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

pentest toolbox

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

Drupal < 7.58 - Drupalgeddon 3 Authenticated Remote Code Execution (Metasploit)

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Work in progress...

Proof of concept of VMSA-2017-0012

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

PowerShell payload generator

Webshell Jumping Edition

free exploit framework written use python language version 3.3

Exploit PollDaddy polls

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

Microsoft Azure Exploitation Framework

Turn PuTTY into an SSH login bruteforcing tool.

A dictionary attack tool for PostgreSQL and MSSQL

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Kali image with kali-linux-full metapackage installed, build every night.

Hack The Printer

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Pentest: Subdomains enumeration tool for penetration testers.

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

GitLab CE/EE Preauth RCE using ExifTool

🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS