427 Open source projects that are alternatives of or similar to Blueshell

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Data leak checker & OSINT Tool

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Snoop — инструмент разведки на основе открытых данных (OSINT world)

🖖 Fast, modern, easy-to-use network scanner

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Jam all wifi clients/routers.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Overlord - Red Teaming Infrastructure Automation

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.

A curated list of awesome infosec courses and training resources.

Goca Scanner

a fast domain brute tool

SIP-Based Audit and Attack Tool

A tool to automate penetration tests

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

Selenium powered Python script to automate searching for vulnerable web apps.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A fast DOM based XSS vulnerability scanner with simplicity.

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Search for Unix binaries that can be exploited to bypass system security restrictions.

A full-fledged high-performance socks5 proxy server written in C#. Plugin support included.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Next generation web scanner

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

An automated approach to performing recon for bug bounty hunting and penetration testing.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

🔨 Manage your website via terminal

Free advanced and modern Windows botnet with a nice and secure PHP panel.

SOCKS Protocol Version 5 Library in Go. Full TCP/UDP and IPv4/IPv6 support

Subdomain enumeration through various techniques

Get PROXY List that gets updated everyday

以Xray或v2ray为主、caddy或nginx为辅，结合trojan或trojan-go及naiveproxy等打造科学上网的优化配置及最优组合示例，分享给大家食用及备份。

Extract subdomains from SSL certificates in HTTPS sites.

Pentest/BugBounty progress control with scanning modules

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Rapid SSH Proxy

A tool to make socks connections through HTTP agents

📱 objection - runtime mobile exploration

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

⚡️一个轻巧的网络混淆代理🌏

This repository contains full code examples from the book Gray Hat C#

parse nmap files

Web Recon & Exploitation Tool.

cobaltstrike ms17-010 module and some other

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.