685 Open source projects that are alternatives of or similar to Burpsuite Asset_discover

备考 OSCP 的各种干货资料/渗透测试干货资料

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

RubberDucky like payloads for DigiSpark Attiny85

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

File upload vulnerability scanner and exploitation tool.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Study Notes For Web Hacking / Web安全学习笔记

A unified console to perform the "kill chain" stages of attacks.

A tool to test security of json web token

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Passwords Recovery Tool

A simple dns resolver of dns-record and web-record log server for pentesting

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

fully automated pentesting tool

For all your network pentesting needs

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A script written lazily for generating cross-platform backdoors on the go :)

internet monitoring osint telegram bot for windows

Windows one line commands that make life easier, shortcuts and command line fu.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

🔐 Docker Container for Penetration Testing & Security

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Authors

A tool to abuse Exchange services

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

Open Source Intelligence Browser Extension

Set of tools to audit SIP based VoIP Systems

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

👀 Some of my favorite OSINT tools.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

📡 A python program to create a fake AP and sniff data.

OnionSearch is a script that scrapes urls on different .onion search engines.

Human and machine readable web vulnerability testing format

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Python library and CLI for the Bug Bounty Recon API

🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

Python network worm that spreads on the local network and gives the attacker control of these machines.

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Paskto - Passive Web Scanner

Linux enumeration tool for pentesting and CTFs with verbosity levels

The most complete open-source tool for Twitter intelligence analysis

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

An evil RAT (Remote Administration Tool) for macOS / OS X.

Elasticsearch for Offensive Security

A toolkit for Security Researchers

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

The cheat sheet about Java Deserialization vulnerabilities

The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.

Каталог нетсталкерских ресурсов, команд, инструментов, источников контента.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.