564 Open source projects that are alternatives of or similar to Cansina

A web front-end for password cracking and analytics

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

mXtract - Memory Extractor & Analyzer

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Idiomatic nmap library for go developers

kube-scan: Octarine k8s cluster risk assessment tool

a tool to analyze filesystem images for security

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Automatic SQL injection and database takeover tool

Gorsair hacks its way into remote docker containers that expose their APIs

fireELF - Fileless Linux Malware Framework

Easy files and payloads delivery over DNS

All MITM attacks in one place.

Open-Source Ransomware As A Service for Linux, MacOS and Windows

🔨 A modern multiple reverse shell sessions manager wrote in go

🤖 The Modern Port Scanner 🤖

Attack Surface Management Platform | Sn1perSecurity LLC

Python3 tool to perform password spraying using RDP

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Open Redirect Payloads

Useful tools and scripts during Penetration Testing engagements

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

Tracking CVEs for the linux Kernel

Open source pre-operation C2 server based on python and powershell

network reconnaissance toolkit

The Shadow Attack Framework

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Tactics, Techniques, and Procedures

Credential stuffing engine built for security professionals

Collection of pentesting scripts

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Automatically Launch Google Hacking Queries Against A Target Domain

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

👻 A LAN dropbox chatbot controllable via Telegram

Automatic SQL injection with Charles and sqlmap api

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

HostHunter a recon tool for discovering hostnames using OSINT techniques.

OSINT

A tool to automate penetration tests

An NFC research toolkit application for Android

Technical details that a programmer of a web application should consider before making the site public.

Extract subdomains from SSL certificates in HTTPS sites.

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Intelligence tool but without API key

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

This is a multi-use bash script for Linux systems to audit wireless networks.

A framework for Backdoor development!

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Web-based Source Code Vulnerability Scanner