427 Open source projects that are alternatives of or similar to Blueshell

Cheat-Sheet of tools for penetration testing

Pop shells like a master.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo

Burp Bounty profiles compilation, feel free to contribute!

It's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Find exploits in local and online databases instantly

🔨 Manage your website via terminal

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

BloodHound Docker Ready to Use

RFD Checker - security CLI tool to test Reflected File Download issues

This powershell script has got to run in remote hacked windows host, even for pivoting

Simple Karma Attack

Turn your VPS into an attack box

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Free advanced and modern Windows botnet with a nice and secure PHP panel.

This challenge is Inon Shkedy's 31 days API Security Tips.

VNC pentest tool with bruteforce and ducky script execution features

Burp Suite extension to passively scan for applications revealing server error messages

My notebook for OSCP Lab

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Related subdomains finder

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

SOCKS Protocol Version 5 Library in Go. Full TCP/UDP and IPv4/IPv6 support

Burp extension to passively scan for applications revealing software version numbers

🧮 SOCKS5/4/4a 🌾 validating proxy pool and upstream SOCKS5 server for 🤽 LOLXDsoRANDum connections 🎋

Phishing Tool & Information Collector

This program focuses on automating the download, installation and compilation of pentest tools from source

Chef repository for pentesting tools

汽车/安卓/固件/代码安全测试工具集

CVE-2016-8610 (SSL Death Alert) PoC

Subdomain enumeration through various techniques

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

These are some of the commands which I use frequently during Malware Analysis and DFIR.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Provides various Windows Server Active Directory (AD) security-focused reports.

[unmaintained] Post-exploitation tool

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Get PROXY List that gets updated everyday

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Pentest: Subdomains enumeration tool for penetration testers.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Find and notify users in your Active Directory with weak passwords

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Monitoring GitHub for sensitive data shared publicly

Generate unicode evil domains for IDN Homograph Attack and detect them.

以Xray或v2ray为主、caddy或nginx为辅，结合trojan或trojan-go及naiveproxy等打造科学上网的优化配置及最优组合示例，分享给大家食用及备份。

A Phishing Dropper designed to Pentest.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Open Redirect Payloads

A SOCKS (SOCKS4, SOCKS4A and SOCKS5) Proxy Package for Go

A collection of useful Python hacking scripts for beginners

A (partial) Python rewriting of PowerSploit's PowerView

Password-protected writeups of HTB platform (challenges and boxes) https://cesena.github.io/

ICMP/IP tunnel manager for Linux.

Multiplatform payload dropper