1773 Open source projects that are alternatives of or similar to Ary

A fast DOM based XSS vulnerability scanner with simplicity.

Linux post exploitation privilege escalation enumeration

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Vulnerability Recurrence:漏洞复现记录

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Pentest Report Generator

The best and easiest way to decode and repack AWVS scripts. AWVS 最好、最简单、最新的解码/再打包方法，仅15行代码！

Python3编写的CMS漏洞检测框架

Collection of quality safety articles. Awesome articles.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Go Web Application Penetration Test

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Powerfull XSS Scanning and Parameter analysis tool&gem

🔪Browser logic vulnerabilities ☠️

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A list of resources for those interested in getting started in bug bounties

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Advanced dork Search & Mass Exploit Scanner

A curated list of awesome OSCP resources

Vulnerability Dashboard

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

SQL Vulnerability Scanner

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A wrapper for Nmap to quickly run network scans

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Greenbone Vulnerability Manager

Burp extension to passively scan for applications revealing software version numbers

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

Burp Suite extension to passively scan for applications revealing server error messages

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Browser's XSS Filter Bypass Cheat Sheet

web scanner - exploitation - information gathering

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

XSS'OR - Hack with JavaScript.

Vagrant VirtualBox environment for conducting an internal network penetration test

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Security-related PHP7 OPcache abuse tools and demo

Poc Collected for study and develop

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Open source all-in-one CLI tool to semi-automate pentesting.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

A tool to test security of json web token

Source code for Hacker101.com - a free online web and mobile security class.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Hooks in to interesting functions and helps reverse the web app faster.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

🔐 Docker Container for Penetration Testing & Security

Intelligence and Reconnaissance Package/Bundle installer.

Next generation web scanner

Hacker101 CTF Writeup

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules