1584 Open source projects that are alternatives of or similar to Commix

File upload vulnerability scanner and exploitation tool.

Automatic SQL injection and database takeover tool

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Sifter aims to be a fully loaded Op Centre for Pentesters

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

A python tool to check subdomain takeover vulnerability

Linux and Windows shellcode enrichment utility

mXtract - Memory Extractor & Analyzer

Rockyou for web fuzzing

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Intelligence tool but without API key

Notes for taking the OSCP in 2097. Read in book form on GitBook

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Exploit Pack -The next generation exploit framework

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Subdomain Takeover tool written in Go

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Automation for internal Windows Penetrationtest / AD-Security

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Centralize Vulnerability Assessment and Management for DevSecOps Team

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

fireELF - Fileless Linux Malware Framework

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Web path scanner

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A Powerful Subdomain Takeover Tool

Dump exposed HTTP .git fast

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

OSINT

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

fully automated pentesting tool

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

A Python3 based single-file subdomain enumerator

Default signature for Jaeles Scanner

A high performance offensive security tool for reconnaissance and vulnerability scanning

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Hetty is an HTTP toolkit for security research.

A fast DOM based XSS vulnerability scanner with simplicity.

Responsive Command and Control System

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A tool to fastly get all javascript sources/files