805 Open source projects that are alternatives of or similar to Content Bruteforcing Wordlist

InQL - A Burp Extension for GraphQL Security Testing

Script to automate PUT HTTP method exploitation to get shell

🌒 Shell command obfuscation to avoid detection systems

Reverse proxies cheatsheet

Directory/Subdomain scanner developed in GoLang.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

🚀 Takes minutes to explore the topology of all routable /24 prefixes in IPv4 address space. Now supports IPv6 scan!

The Shadow Attack Framework

Powershell script to setup windows port forwarding using native netsh client

A simple keylogger for Windows, Linux and Mac

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Gorsair hacks its way into remote docker containers that expose their APIs

WhiteWinterWolf's PHP web shell

Bruteforce protection for Django projects based on Redis. Simple, powerful, extendable.

[ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Tools, Frameworks & Libraries to help you build your projects ✨

The extension of Burp Suite for Conviso Platform aims to serve as an integration between them, making the life of an analyst easier, because he can now send vulnerabilities directly from Burp to the platform.

Ruby on Rails Phishing Framework

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Wordpress Attack Suite

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Multi-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Advanced Hash Manipulation

An evil RAT (Remote Administration Tool) for macOS / OS X.

🔄 A collection of mitmproxy inline scripts

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

Multiprocessing brute-force script written in Python 3

MSDAT: Microsoft SQL Database Attacking Tool

A simple dns resolver of dns-record and web-record log server for pentesting

wifi attacks suite

A Powerful Subdomain Takeover Tool

Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.

Hacker tools on Go (Golang)

Check if a directory is empty.

A web front-end for password cracking and analytics

Python idiomatic SDK for Cortex™ Data Lake.

For all your network pentesting needs

OWASP WEB Directory Scanner

Automated Penetration Testing Framework

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Custom scripts for the PIPER Burp extensions.

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Find web directories without bruteforce

Subdomain enumeration through various techniques

Go copy directory recursively

A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based interface using WiFi in AP or Client mode. Will work with nearly all devices that contain a standard 5V Wiegand interface. Primary target group is 26-37bit HID Cards. Similar to the Tastic RFID Thief, Blekey, and ESPKey.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

EmbedOS - Embedded security testing virtual machine

burpsuite extension for check and extract sensitive request parameter

Linux privilege escalation checks (systemd, dbus, socket fun, etc)