927 Open source projects that are alternatives of or similar to Cc.py

WhiteWinterWolf's PHP web shell

A set of recipes useful in pentesting and red teaming scenarios

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Responsive Command and Control System

For all your network pentesting needs

Phishing catcher using Certstream

#OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API

Default signature for Jaeles Scanner

Open Source Intelligence Browser Extension

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Awesome Writeups and POCs

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Weaponizing Live CT logs for automated monitoring of assets

OSINT Tool to find Breached Credit Cards Information

Amazon S3 bucket spelunking!

A Virtual environment for Pentesting IoT Devices

File upload vulnerability scanner and exploitation tool.

Your Google Recon is Now Automated

Fast browser-based network discovery module

A unified console to perform the "kill chain" stages of attacks.

Set of tools to audit SIP based VoIP Systems

Find exploits in local and online databases instantly

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Community curated list of public bug bounty and responsible disclosure programs.

The Leading Security Assessment Framework for Android.

Awesome Nmap Grep

Cross Origin Resource Sharing MisConfiguration Scanner

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

An OSINT Metadata analyzing tool that filters through tags and creates reports

MISP trainings, threat intel and information sharing training materials with source code

Smart OSINT collection of common IOC types

Python network worm that spreads on the local network and gives the attacker control of these machines.

A curated list of awesome social engineering resources.

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Extract API keys from file or url using by magic of python and regex.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

An evil RAT (Remote Administration Tool) for macOS / OS X.

RFD Checker - security CLI tool to test Reflected File Download issues

The OSINT Omnibus (beta release)

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Browse and search through nmap's NSE scripts.

Evaluate the security of S3 buckets

Micro-framework for rapid development of reusable security tools

🚀 Fast Port Scanner 🚀

Vagrant VirtualBox environment for conducting an internal network penetration test

The unofficial HackerOne disclosure Timeline

🔐 Docker Container for Penetration Testing & Security

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Automating XSS using Bash

Change monitoring app that checks the content of web pages in different periods.

📡 A python program to create a fake AP and sniff data.

A tool to check a bunch of URLs that contain reflecting params.