1023 Open source projects that are alternatives of or similar to Caldera

Rubyfu, where Ruby goes evil!

Small and highly portable detection tests based on MITRE's ATT&CK.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Scripts and a (future) library to improve users' interactions with the ATT&CK content

An ongoing list of virtual cybersecurity conferences.

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

Fast browser-based network discovery module

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Enumerate information from NTLM authentication enabled web endpoints 🔎

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

Enine boyuna siber güvenlik

easy-to-use payload hosting

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Git All the Payloads! A collection of web attack payloads.

🦄🔒 Awesome list of secrets in environment variables 🖥️

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

SIde-Channel Analysis toolKit: embedded security evaluation tools

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Monitoring GitLab for sensitive data shared publicly

Monitoring your Slack workspaces for sensitive information

Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Awesome Java Security Resources 🕶☕🔐

Code for my 0x00sec.org posts

A tool to fastly get all javascript sources/files

memory search and patch tool on debuggable apk without root & ndk

CTF Cheatsheet

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

CTF竞赛权威指南

CMS Detection and Exploit Kit based on Whatcms.org API

Keeping Twitter for macOS alive with code injection

Discover internet-wide misconfigurations while drinking coffee

OSINT Project

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

Hospitality for Hackers

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Text, samples and website for my 'Effective Shell' series.

ANDRAX The first and unique Penetration Testing platform for Android smartphones

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

retrieve information via O365 with a valid cred

The DevSecOps toolset for REST APIs

Advanced and easy to use penetration testing framework 💣🔎

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

Automated Tactics Techniques & Procedures

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.

The platform used to run picoCTF. A great framework to host any CTF.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.