767 Open source projects that are alternatives of or similar to Blackhat Python Book

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

NetCat for Windows

Idiomatic nmap library for go developers

my oscp prep collection

The LAZY script will make your life easier, and of course faster.

A wrapper for Nmap to quickly run network scans

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

Command line tool that allows you to explore IoT devices by using Shodan API.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Vulnerability assessment and penetration testing automation and reporting platform for teams.

A tool to automate penetration tests

A curated list of awesome OSCP resources

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A repository of tools for pentesting of restricted and isolated environments.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

An evil RAT (Remote Administration Tool) for macOS / OS X.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Find cloud assets that no one wants exposed 🔎 ☁️

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Encoder to bypass WAF filters using XOR operations

🚀 Fast Port Scanner 🚀

NebulousAD automated credential auditing tool.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Network protocol auditing framework

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

RubberDucky like payloads for DigiSpark Attiny85

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Know the dangers of credential reuse attacks.

🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Centralize Vulnerability Assessment and Management for DevSecOps Team

The cheat sheet about Java Deserialization vulnerabilities

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Don't let buffer overflows overflow your mind

Wireshark Cheat Sheet

Penetration Testing Notes and Playbook (PTP)

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

[POC] Asynchronous reverse shell using the HTTP protocol.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Linux Privilege Escalation Tool By WazeHell

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

The ultimate WinRM shell for hacking/pentesting

Web hacking framework with tools, exploits by python

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Relational database brute force and post exploitation tool for MySQL and MSSQL

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box