637 Open source projects that are alternatives of or similar to BURN

Little tool made in python to create payloads for Linux, Windows and OSX with unique handler

Post-Exploitation Framework

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

unix SSH post-exploitation 1337 tool

Free Security and Hacking eBooks

Wipe files and drives securely with randoms ASCII dicks

Awesome hacking is an awesome collection of hacking tools.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Android Apps, Roms and Platforms for Pentesting

tamper resistant audit log

An open-source post-exploitation framework for students, researchers and developers.

Sifter aims to be a fully loaded Op Centre for Pentesters

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

备考 OSCP 的各种干货资料/渗透测试干货资料

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

The scalable, auditable and high-performance tamper-evident log project

Forensics triage tool relying on Volatility and Foremost

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

This is the ToRat client, a part of the ToRat Project.

Examine, create and interact with remote objects in other .NET processes.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A C2 post-exploitation framework

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

Multi source CVE/exploit parser.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

No description or website provided.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

Tools used for Penetration testing / Red Teaming

CoRA Docs

An Incident Response tool to extract console command history and screen output buffer

Pentest: Subdomains enumeration tool for penetration testers.

A dictionary attack tool for PostgreSQL and MSSQL

Deep Learning Tool for Off-line Network Intrusion Detection System

No description or website provided.

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

Collect email addresses by crawling search engine results.

📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

Open Source SIEM (Security Information and Event Management system).

Automated Web Recon Shell Scripts

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

Tool to sort large collections of files according to common typologies

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

Quick SQL Scanner, Dorker, Webshell injector PHP

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

GoPhish Templates that I have retired and/or templates I've recreated.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Monitor network traffic per executable using BPF

A basic AIX enumeration guide for penetration testers/red teamers

pentest toolbox

Change CRC checksums of your files.

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Work in progress...

Cheat-Sheet of tools for penetration testing