544 Open source projects that are alternatives of or similar to Cobalt_strike_extension_kit

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Tactics, Techniques, and Procedures

Open source pre-operation C2 server based on python and powershell

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Awesome cloud enumerator

Red Teaming Tactics and Techniques

A set of recipes useful in pentesting and red teaming scenarios

DeepSea Phishing Gear

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

OSINT

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

mXtract - Memory Extractor & Analyzer

🚀 Fast Port Scanner 🚀

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

fireELF - Fileless Linux Malware Framework

mosquito - Automating reconnaissance and brute force attacks

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

This repository contains full code examples from the book Gray Hat C#

The Collective. A repo for a collection of red-team projects found mostly on Github.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Passwords Recovery Tool

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

👻Impost3r -- A linux password thief

Automation for internal Windows Penetrationtest / AD-Security

Venom - A Multi-hop Proxy for Penetration Testers

👻Stowaway -- Multi-hop Proxy Tool for pentesters

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

备考 OSCP 的各种干货资料/渗透测试干货资料

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Extract subdomains from SSL certificates in HTTPS sites.

A bash script for recon and DOS attacks

A REST API security testing framework.

Easy files and payloads delivery over DNS

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

tcp connection hijacker, rust rewrite of shijack

Next generation web scanner

This is a multi-use bash script for Linux systems to audit wireless networks.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Collection of PoC and offensive techniques used by the BlackArrow Red Team

A fast DOM based XSS vulnerability scanner with simplicity.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Overlord - Red Teaming Infrastructure Automation