468 Open source projects that are alternatives of or similar to certexfil

Red Teaming Tactics and Techniques

One line PS scripts that may come handy during your network assesment

A collection of Cobalt Strike aggressor scripts

Functions that can be used to gain Reverse Shells with PowerShell

Red Teaming Tactics and Techniques

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

This repository contains full code examples from the book Gray Hat C#

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Av…

List of Awesome Red Teaming Resources

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Just another useless C2 occupying space in some HDD somewhere.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

A list of payload and bypass lists for penetration testing and red team infrastructure build.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Offensive Reverse Shell (Cheat Sheet)

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Search for Unix binaries that can be exploited to bypass system security restrictions.

transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.

Wordlists and passwords handcrafted with ♥

一个简单实用的FOFA客户端 By flashine

openssl_ca with QT GUI

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Red TL;DR Database is a set of text data that provides search for red-tldr. If you don’t know red-tldr yet, please read the documentation and try it out.

基于Threathunting-book基础上完善的狩猎视角红队handbook

CTjs is a full set of classes necessary to work with any kind of Certificate Transparency log (V1 as from RFC6962, or V2 as from RFC6962-bis). In CTjs you could find all necessary validation/verification functions for all related data shipped with full-featured examples showning how to validate/verify. Also in scope of CTjs I made code showing e…

🔎 Find usernames across social networks

C++ Windows Reverse Shell - Universal DLL Hijack | SSL Encryption | Statically Linked

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.

bruteforcing gmail (TLS/SSL)

A repository to showcase my completed courses on the Coursera platform.

A Frida script to disable SSL certificate pinning in a target application

🎖 Repository for requesting app certificates

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

🌒 Shell command obfuscation to avoid detection systems

A set of tools to manage objects on PKCS#11 crypotographic tokens. Compatible with any PKCS#11 library, including NSS.

渗透测试☞经验/思路/总结/想法/笔记

automated password spraying tool

Simple DLL that add a user to the local Administrators group

A little tool to play with Outlook

📗 Terraform Module for Nomad clusters with Consul on GCP

X.509 Swiss Army Knife is a toolkit atop OpenSSL to ease generation of CAs and aid white-hat pentesting

UI state management with RxJS.

ROP Benchmark is a tool to compare ROP compilers

Create and use code signing certificates with PowerShell

Deploy Google and Wikipedia mirror with one command using now.sh.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

Demo for Client Certificate Authentication with Node.js Tutorial

red-tldr is a lightweight text search tool, which is used to help red team staff quickly find the commands and key points they want to execute, so it is more suitable for use by red team personnel with certain experience.

Simple TLS Client/Server with Node.js

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Amazon SNS/SQS client library that enables sending and receiving messages with payload larger than 256KiB via Amazon S3.

DEPRECATED DigiDoc3 Client is a program that can be used to sign digitally with ID-card and Mobile-ID, check the validity of digital signatures and open and save documents inside the signature container.

Cloud Signature Consortium Remote Signature Service Provider in Node.js

🐳 Dockerize your Django application.