477 Open source projects that are alternatives of or similar to Badintent

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Just another script for automatize boolean-based blind SQL injections. (Demo)

Selenium powered Python script to automate searching for vulnerable web apps.

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Next generation web scanner

A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Quick tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

This repo will contain some basic pentest/RT commands.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Repository of my CTF writeups

A python tool to check subdomain takeover vulnerability

List of every possible vulnerabilities in computer security.

PowerShell SOCKS proxy with reverse proxy capabilities

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

A pentesting tool inspired by mr robot and derived by zphisher

tcp connection hijacker, rust rewrite of shijack

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

locate and attack Lync/Skype for Business

Quick utility to craft executables for pentesting and managing reverse shells

THE ESP8266 HONEYPOT

🦄🔒 Awesome list of secrets in environment variables 🖥️

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

A burp extender that recalculate signature value automatically after you modified request parameter value.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

This Burp extension helps you to find usages of postMessage and recvMessage

Port scanning and domain utility.

Command line tool that allows you to explore IoT devices by using Shodan API.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Do some quick reconnaissance on a domain-based web-application

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Facebook Write-ups, PoC, and exploitation codes:

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Hashtopolis - A Hashcat wrapper for distributed hashcracking

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

A bash script for recon and DOS attacks

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

Summary of online learning materials

GSM Assessment Toolkit - A security evaluation framework for GSM networks

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Botnet targeting Windows machines written entirely in Python & open source security project.

Yet Another PHP Shell - The most complete PHP reverse shell

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.