415 Open source projects that are alternatives of or similar to Citadel

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A tool to automate penetration tests

Attack Surface Management Platform | Sn1perSecurity LLC

small python3 tool to check common vulnerabilities in SMTP servers

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

Extract subdomains from SSL certificates in HTTPS sites.

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

locate and attack Lync/Skype for Business

This is a multi-use bash script for Linux systems to audit wireless networks.

Port scanning and domain utility.

Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

OSINT

平常看到好的渗透hacking工具和多领域效率工具的集合

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Linux Rootkits (4.x Kernel)

PowerShell SOCKS proxy with reverse proxy capabilities

A REST API security testing framework.

A pentesting tool inspired by mr robot and derived by zphisher

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Web Pentesting Fuzz 字典,一个就够了。

Awesome cloud enumerator

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

This repository contains full code examples from the book Gray Hat C#

Selenium powered Python script to automate searching for vulnerable web apps.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Search for Directory Traversal Vulnerabilities

This repo will contain some basic pentest/RT commands.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

A python tool to check subdomain takeover vulnerability

THE ESP8266 HONEYPOT

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A fully automatic wifi deauther coded in Python

A bash script for recon and DOS attacks

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Just another script for automatize boolean-based blind SQL injections. (Demo)

tcp connection hijacker, rust rewrite of shijack

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Quick utility to craft executables for pentesting and managing reverse shells

A fast DOM based XSS vulnerability scanner with simplicity.

Next generation web scanner

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

🦄🔒 Awesome list of secrets in environment variables 🖥️

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

Quick tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Command line tool that allows you to explore IoT devices by using Shodan API.