805 Open source projects that are alternatives of or similar to Content Bruteforcing Wordlist

Web path scanner

hydra

generates weak passwords based on current date

Fast Modular Web Interfaces Bruteforcer

Relational database brute force and post exploitation tool for MySQL and MSSQL

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Bruteforce database

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

🔐 Docker Container for Penetration Testing & Security

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

AVAX is a small, modern and fast console application for decrypting passwords with certain options.

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server

Privilege Escalation Enumeration Script for Windows

Browse and search through nmap's NSE scripts.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

BruteForce Tool For both Instagram and Facebook

A unified console to perform the "kill chain" stages of attacks.

A powerful and useful hacker dictionary builder for a brute-force attack

Instagram password bruteforcer

Automation for internal Windows Penetrationtest / AD-Security

Automated brute-forcing attack tool.

Exploit Pack -The next generation exploit framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

The Last Web Recon Tool You'll Need

CVE-2016-8610 (SSL Death Alert) PoC

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

DNS Sub-domain brute forcer, in Python + gevent

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Automatically brute force all services running on a target.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Hacking Toolkit

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Rate-limiting middleware for Koa2 ES6. Use to limit repeated requests to APIs and/or endpoints such as password reset.

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

A Common User Passwords generator script that looks like the tool Eliot used it in Mr.Robot Series Episode 01 :D :v

Venom - A Multi-hop Proxy for Penetration Testers

(Doesn't work anymore)

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

SSRF (Server Side Request Forgery) testing resources

备考 OSCP 的各种干货资料/渗透测试干货资料

Set of tools to audit SIP based VoIP Systems

A tool to test security of json web token

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A high performance offensive security tool for reconnaissance and vulnerability scanning

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

An extensible application for penetration testers and software developers to decode/encode data into various formats.