538 Open source projects that are alternatives of or similar to Credsleaker

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Windows one line commands that make life easier, shortcuts and command line fu.

Generate Professional Phishing Emails Fast And Easy

Detect silent (unwanted) changes to files on your system

A medium interaction printer honeypot 🍯

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Your Social Engineering Sidekick

Yar is a tool for plunderin' organizations, users and/or repositories.

Know the dangers of credential reuse attacks.

Some notes and examples for cobalt strike's functionality

Wireshark Cheat Sheet

🔐 Docker Container for Penetration Testing & Security

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Red Teaming Tactics and Techniques

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

An ongoing list of virtual cybersecurity conferences.

A CloudFormation custom resource provider for deploying secrets and keys

The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

A collection of all the data i could extract from 1 billion leaked credentials from internet.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统

New UAC bypass for Silent Cleanup for CobaltStrike

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

📡 A python program to create a fake AP and sniff data.

Exploit Development, Reverse Engineering & Cryptography

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Anti-keylogger/anti-rat application for Windows

备考 OSCP 的各种干货资料/渗透测试干货资料

A toolkit for Security Researchers

Operational Security utility and automator.

A PowerShell module to deploy active directory decoy objects.

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Hawkeye filesystem analysis tool

Notes Taken for HTB Machines & InfoSec Community.

Project to enumerate proxy configurations and generate shellcode from CobaltStrike

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB.

DLL Password Filter Implant with Exfiltration Capabilities

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

protocol fuzzing toolkit

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

🔺 Red Team Hardware Toolkit 🔺

A proposed standard that allows websites to define security policies.

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

Common password pattern generator using strings list

Agile Threat Modeling Toolkit

Collection of quality safety articles. Awesome articles.

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.