1773 Open source projects that are alternatives of or similar to Ary

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Automated Penetration Testing Framework

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Hacking tools

Advanced vulnerability scanning with Nmap NSE

Misc. Public Reports of Penetration Testing and Security Audits.

hacker, ready for more of our story ! 🚀

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Audit tool to find common vulnerabilities in PHP source code

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Penetration tests guide based on OWASP including test cases, resources and examples.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Common Web Managers Fuzz Wordlists

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Discover Your Attack Surface!

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

Penetration Testing Platform

pentest framework

Python3编写的CMS漏洞检测框架

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Collection of quality safety articles. Awesome articles.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Burp Suite extension to passively scan for applications revealing server error messages

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Simple Karma Attack

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Automatic SSRF fuzzer and exploitation tool

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Hooks in to interesting functions and helps reverse the web app faster.

Git All the Payloads! A collection of web attack payloads.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Vulnerability Recurrence:漏洞复现记录

Burp extension to passively scan for applications revealing software version numbers

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

A wrapper for Nmap to quickly run network scans

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Greenbone Vulnerability Manager

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

XSS'OR - Hack with JavaScript.

web scanner - exploitation - information gathering

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Open source all-in-one CLI tool to semi-automate pentesting.

Source code for Hacker101.com - a free online web and mobile security class.

Security-related PHP7 OPcache abuse tools and demo

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

ADAPT is a tool that performs automated Penetration Testing for WebApps.

Intelligence and Reconnaissance Package/Bundle installer.

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Collection of the cheat sheets useful for pentesting