1135 Open source projects that are alternatives of or similar to Blackmamba

A curated list of awesome OSCP resources

☠️ The Pathwar Project ☠️

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

SSRF (Server Side Request Forgery) testing resources

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

XSS'OR - Hack with JavaScript.

Offensive tools as Dockerfiles. Lightweight & Ready to go

Multi OTP Spam Amp/Paralell threads

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Exploit Pack -The next generation exploit framework

🔑 Hash type identifier (CLI & lib)

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Yet Another PHP Shell - The most complete PHP reverse shell

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Adversary Simulation Framework

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Find exploit tool

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A REST API security testing framework.

Fast directory scanning and scraping tool

Intelligence and Reconnaissance Package/Bundle installer.

A ZigBee hacking toolkit by Bishop Fox

Extract subdomains from SSL certificates in HTTPS sites.

A C2 post-exploitation framework

Quick SQL Scanner, Dorker, Webshell injector PHP

generates weak passwords based on current date

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

A tool to automate penetration tests

Network Pivoting Toolkit

Autowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

🌒 Shell command obfuscation to avoid detection systems

👻Impost3r -- A linux password thief

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

This powershell script has got to run in remote hacked windows host, even for pivoting

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Web Recon & Exploitation Tool.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Next generation web scanner

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Python 3.5+ DNS asynchronous brute force utility

Subdomain enumeration through various techniques

Search for Directory Traversal Vulnerabilities

Overlord - Red Teaming Infrastructure Automation

network reconnaissance toolkit

🔨 Manage your website via terminal

The all-in-one Red Team extension for Web Pentester 🛠

Automate Pentest Tool

hydra

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Open Redirect Payloads