506 Open source projects that are alternatives of or similar to Badpods

Penetration test Achieve Knowledge Unite Rapid Interface

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Sifter aims to be a fully loaded Op Centre for Pentesters

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Penetration Testing Platform

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

An advanced graphical search engine for Exploit-DB

Simple Karma Attack

Burp Suite extension to passively scan for applications revealing server error messages

Detect hidden files and text in images

📚 VoidHack CTF write-ups

Forward shell generation framework

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Learning Penetration Testing of Android Applications

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Post-Exploitation Framework

Responsive Command and Control System

Python Books for Security

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Good to know, easy to forget information about binaries and their exploitation!

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

My solutions to some CTF challenges and a list of interesting resources about pwning stuff

Security Tool to Look For Interesting Files in S3 Buckets

A documentation about how to hack Minecraft servers

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A portable console aimed at making pentesting with PowerShell a little easier.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

iOS/macOS/Linux Remote Administration Tool

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

Discover Your Attack Surface!

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Exploitation and Mitigation Slides

Exploit code for CVE-2016-9066

Writeup of CVE-2020-15906

The Collective. A repo for a collection of red-team projects found mostly on Github.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Remote exploitation framework written in Python

Blind Attacking Framework

Automated Penetration Testing Framework

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

The Offensive Manual Web Application Penetration Testing Framework.