434 Open source projects that are alternatives of or similar to brutas

large hashcat rulesets generated from real-world compromised passwords

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

cracke-dit ("Cracked It") makes it easier to perform regular password audits against Active Directory environments.

Tool to generate smart and powerful wordlists

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Enumerate information from NTLM authentication enabled web endpoints 🔎

A web front-end for password cracking and analytics

A Go implementation of dirsearch.

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

A collection of wordlists dictionaries for password cracking

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

Passwords Recovery Tool

Wordlist, rules and masks from Kaonashi project (RootedCON 2019)

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Web path scanner

Extract endpoints marked as disallow in robots files to generate wordlists.

PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.

Python-based CLI Password Analyser (Reporting Tool)

Bash script for CTF automating basic enumeration

Purple Team Exercise Framework

Scan for and exploit Consul agents

一个简单实用的FOFA客户端 By flashine

Password lists with top passwords to optimize bruteforce attacks

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

The GAP package Semigroups

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Automatic Reverse Shell Generator

Simple CLI script to check if you have a password that has been compromised in a data breach.

Brutal Wordlist Generator is a java based Application software used to generate the wordlist with best of UX interface

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes

Get GTFOBins info about a given exploit from the command line

Python AV Evasion Tools

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

Automated script to run all modules for a specified list of domains, netblocks or company name

A Logger backend that logs JSON

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

基于Threathunting-book基础上完善的狩猎视角红队handbook

Cobalt Strike AggressorScripts For Red Team

Hashcat WPA/WPA2 server

automated password spraying tool

Terribad PrivEsc enumeration script for Windows systems

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

A list of the top 10,000 most-used passwords from hacked password lists.

An Alfred 4 workflow that allows you to quickly generate strong passwords.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

🌒 Shell command obfuscation to avoid detection systems

A Mongoose plugin that lets you transparently cipher stored PII and use securely-hashed passwords

Mass querying whois records

A tool that automates the process of enumeration

Simple DLL that add a user to the local Administrators group

A support library for Ronin. Like activesupport, but for hacking!

One stop place for exploiting Jira instances in your proximity

A Python script to steal all the passwords via the use of plugins 😈

A Cobalt Strike Aggressor script to generate GadgetToJScript payloads

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.