433 Open source projects that are alternatives of or similar to Arp Spoofer

Useful tools and scripts during Penetration Testing engagements

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Pentest: Subdomains enumeration tool for penetration testers.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

GUI based offensive penetration testing tool (Open Source)

GhostNET script that will help you be safer on the cyber

Dradis Framework: Colllaboration and reporting for IT Security teams

Quick SQL Scanner, Dorker, Webshell injector PHP

Automated Cyber Offense

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A pure-Python Network Packet Sniffing tool

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

Intercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic

Work in progress...

Pentest Report Generator

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Forward shell generation framework

SuperSocket 1.6 버전의 .NET Core 포팅

Sifter aims to be a fully loaded Op Centre for Pentesters

Turn PuTTY into an SSH login bruteforcing tool.

CoreBGP is a BGP library written in Go that implements the BGP FSM with an event-driven, pluggable model.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Steganography brute-force utility to uncover hidden data inside files

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

Learning Penetration Testing of Android Applications

🔥 A high-performant UDP load generator, written in Rust

A Golang implant that uses Slack as a command and control server

A framework for network function development. Written in Rust, inspired by NetBricks and built on DPDK.

Automated Security Testing For REST API's

The LAZY script will make your life easier, and of course faster.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Post-Exploitation Framework

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

Mobile penetration testing android & iOS command cheatsheet

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Python Books for Security

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Web Application Security Scanner

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

A simple tool for interacting with OWASP ZAP from the commandline.

Generates malicious LNK file payloads for data exfiltration

A Curated List of Game Network Programming Resources

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Simple Karma Attack

Library for distribution canvas animation over set of devices

Code from Blackhat Python book

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Collection of tips, tools and tutorials around infosec

A clojure framework for nonblocking network programming