740 Open source projects that are alternatives of or similar to Behold3r

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

备考 OSCP 的各种干货资料/渗透测试干货资料

OneForAll是一款功能强大的子域收集工具

Automation for internal Windows Penetrationtest / AD-Security

Pentesting/Bugbounty Dockerfiles.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Monitoring GitLab for sensitive data shared publicly

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

Extract subdomains from SSL certificates in HTTPS sites.

Network Pivoting Toolkit

👻Impost3r -- A linux password thief

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Functions that can be used to gain Reverse Shells with PowerShell

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

Offensive Reverse Shell (Cheat Sheet)

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Enumerate information from NTLM authentication enabled web endpoints 🔎

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Handbook of information collection for penetration testing and src

A Domain Name & Email Address Collection Tool

Monitoring GitHub for sensitive data shared publicly

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Awesome cloud enumerator

Subdomain enumeration through various techniques

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Overlord - Red Teaming Infrastructure Automation

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Venom - A Multi-hop Proxy for Penetration Testers

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

Attack Surface Management Platform | Sn1perSecurity LLC

一款适用于红蓝对抗中的仿真钓鱼系统

The Collective. A repo for a collection of red-team projects found mostly on Github.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

🔑 Hash type identifier (CLI & lib)

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

The all-in-one Red Team extension for Web Pentester 🛠

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

🔐 Docker Container for Penetration Testing & Security

Tool Information Gathering Write By Python.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

基于Threathunting-book基础上完善的狩猎视角红队handbook

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A tool for generating reverse shell payloads on the fly.

Monitoring your Slack workspaces for sensitive information

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

🌒 Shell command obfuscation to avoid detection systems

Dumain Bruteforcer - a fast and flexible domain bruteforcer

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Threat Hunting queries for various attacks

Repository for threat hunting and detection queries, tools, etc.