1023 Open source projects that are alternatives of or similar to Caldera

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A python module for working with ATT&CK

MITRE Shield website

The all-in-one Red Team extension for Web Pentester 🛠

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

ATT&CK Evaluations website (DEPRECATED)

See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Web application vulnerability scanner

Penetration Testing notes, resources and scripts

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

A front-end JavaScript toolkit for creating DNS rebinding attacks.

📝 ⌨️ A GNU/Linux keylogger that works!

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

The Collective. A repo for a collection of red-team projects found mostly on Github.

DNS Rebinding Exploitation Framework

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

ParadoxiaRat : Native Windows Remote access Tool.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Small and highly portable detection tests based on MITRE's ATT&CK.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Hacking Toolkit

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

Web app that provides basic navigation and annotation of ATT&CK matrices

Asynchronous Python implementation of SlowLoris DoS attack

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

安全编排与自动化响应平台

Explore Indicators of Compromise Automatically

🔪 Leak git repositories from misconfigured websites

Fast browser-based network discovery module

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Get All Registered Wifi Passwords from Target Computer.

A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

An ongoing list of virtual cybersecurity conferences.

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

Enine boyuna siber güvenlik

Monitoring your Slack workspaces for sensitive information

Monitoring GitLab for sensitive data shared publicly

Python library and CLI for the Bug Bounty Recon API

Detecting ATT&CK techniques & tactics for Linux