792 Open source projects that are alternatives of or similar to awesome-pentest-tools

无状态子域名爆破工具

OSINT tool for finding profiles by username

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Reconnaissance tool of Penetration test & Bug Bounty

Tetra3D is a 3D hybrid software/hardware renderer made for games written in Go with Ebitengine.

A Suite of Tools written in Python for wireless auditing and security testing.

RunasCs - Csharp and open version of windows builtin runas.exe

Pentest/BugBounty progress control with scanning modules

A C2 post-exploitation framework

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

A wrapping script to query the default password list maintained by cirn.net... << Thank them.

Scalable genomic data analysis.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Vagrant VirtualBox environment for conducting an internal network penetration test

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

The CAN Injection Toolkit

Image Payload Creating/Injecting tools

A list of useful payloads for Web Application Security and Pentest/CTF

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)

Instagram multi-bruteforce Platfrom

onex is a hacking tool installer and package manager for hackers. Onex is a library of all hacking tools for Termux and other Linux distributions. onex can install any third party tool or any hacking tool for you.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Website for the malleable systems and software community

hack tools

Collection of the cheat sheets useful for pentesting

Low level software for the SMART response XE

Fedy makes it easy to install third-party software in Fedora.

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A list of security/hacking tools that have been collected from the internet. Suggestions are welcomed.

Implement WSUSpendu attack

HostHunter a recon tool for discovering hostnames using OSINT techniques.

NTP Doser is a NTP Amplification DoS/DDoS attack tool for penttesting

linux post-exploitation framework made by linux user

Inject malicious code into *.debs

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

useful pentest note

ParadoxiaRat : Native Windows Remote access Tool.

[unmaintained] Post-exploitation tool

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Become a Github Rockstar in less than 10 seconds

Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

Multiplatform payload dropper

Chromepass - Hacking Chrome Saved Passwords

python functions for applied use of schema.org

Web application vulnerability scanner

Tool for catching and logging different types of requests.

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

Secure boot for 32-bit Microcontrollers!

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

A search application to explore, discover and share online files

parse nmap files

WiFi Cracking Tool (Using Evil Twin Attack) With Some Modification. (Only For Legal Purposes)

iMeals is a Open Source Restaurant Software for Food Delivery and Restaurant Management

Burp Commander written in Go

An full HTTP server for Phishing. Downloads recursively the entire webpage.

JSON RSA to HMAC and None Algorithm Vulnerability POC