964 Open source projects that are alternatives of or similar to Black Hat Rust

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Bifrost C2. Open-source post-exploitation using Discord API

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

C2/post-exploitation framework

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A curated list of awesome OSCP resources

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

The Collective. A repo for a collection of red-team projects found mostly on Github.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A fast DOM based XSS vulnerability scanner with simplicity.

A wrapper for Nmap to quickly run network scans

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Extract subdomains from SSL certificates in HTTPS sites.

Next generation web scanner

The all-in-one Red Team extension for Web Pentester 🛠

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Vagrant VirtualBox environment for conducting an internal network penetration test

Passwords Recovery Tool

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Wiki to collect Red Team infrastructure hardening resources

Related subdomains finder

The ultimate WinRM shell for hacking/pentesting

A tool to test security of json web token

A tool to automate penetration tests

A Cloudflare resolver that works

A bash script for recon and DOS attacks

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Red Teaming Tactics and Techniques

A tool for generating reverse shell payloads on the fly.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Intelligence and Reconnaissance Package/Bundle installer.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Phishing Tool & Information Collector

🔐 Docker Container for Penetration Testing & Security

Hawkeye filesystem analysis tool

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

A collection of useful scripts for Cobalt Strike

It records your terminal, then lets you upload to ASHIRT

Pentest: Subdomains enumeration tool for penetration testers.

Autowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.

Work in progress...

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

A Tool for Domain Flyovers

[unmaintained] Post-exploitation tool

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Yet Another PHP Shell - The most complete PHP reverse shell

SIP-Based Audit and Attack Tool

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Linux Rootkits (4.x Kernel)

A python tool to check subdomain takeover vulnerability

🦄🔒 Awesome list of secrets in environment variables 🖥️

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.