538 Open source projects that are alternatives of or similar to Credsleaker

Passwords Recovery Tool

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Snoop — инструмент разведки на основе открытых данных (OSINT world)

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

🌒 Shell command obfuscation to avoid detection systems

Hershell is a simple TCP reverse shell written in Go.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Monitoring your Slack workspaces for sensitive information

Monitoring GitLab for sensitive data shared publicly

Monitoring GitHub for sensitive data shared publicly

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

mXtract - Memory Extractor & Analyzer

A curated list of awesome social engineering resources.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

One stop place for exploiting Jira instances in your proximity

Awesome cloud enumerator

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Webshell Manager

Tool made to automate tasks of pentesting.

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Generate Professional Phishing Emails Fast And Easy

Test Blue Team detections without running any attack.

PowerShell module for KeePass

A medium interaction printer honeypot 🍯

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Yar is a tool for plunderin' organizations, users and/or repositories.

Some notes and examples for cobalt strike's functionality

A Blazing fast Security Auditing tool for Kubernetes

An OSINT tool to find contacts in order to report security vulnerabilities.

🔐 Security advisories as a simple composer exclusion list, updated daily

🔐 Docker Container for Penetration Testing & Security

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Find cloud assets that no one wants exposed 🔎 ☁️

泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

Cameradar hacks its way into RTSP videosurveillance cameras

OSINT Project

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Exploit Development, Reverse Engineering & Cryptography

Anti-keylogger/anti-rat application for Windows

A list of payload and bypass lists for penetration testing and red team infrastructure build.

备考 OSCP 的各种干货资料/渗透测试干货资料