538 Open source projects that are alternatives of or similar to Credsleaker

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

Yar is a tool for plunderin' organizations, users and/or repositories.

Writing custom backdoor payloads with C# - Defcon 27 Workshop

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

awsenv is intended as a local credential store for people using more than one AWS account at the same time

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Know the dangers of credential reuse attacks.

Infosec Wordlists

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Some notes and examples for cobalt strike's functionality

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

A python script that finds endpoints in JavaScript files

mosquito - Automating reconnaissance and brute force attacks

🔒Unified API for password hashing algorithms

List of my talks and workshops: security engineering, applied cryptography, secure software development

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Wireshark Cheat Sheet

Selenium powered Python script to automate searching for vulnerable web apps.

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

🔐 Docker Container for Penetration Testing & Security

Private key usage verification

The Swiss Army knife for automated Web Application Testing

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Functions that can be used to gain Reverse Shells with PowerShell

A flexible control server for osquery fleets

Search for Unix binaries that can be exploited to bypass system security restrictions.

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

Red Teaming Tactics and Techniques

This repository will be updated with all the examples and links that I can find with relevant knowledge & information about CP in MS Windows vista up to version 10.

This challenge is Inon Shkedy's 31 days API Security Tips.

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

AWS Secrets Manager Credentials Provider for Jenkins

A simple phishing tool that can phish almost any website

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Detect secrets in your request/response using secretlint.

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

Scan for open AWS S3 buckets and dump the contents

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

LD_PRELOAD rootkit

Encrypted & plain text credentials for multiple environments

A CloudFormation custom resource provider for deploying secrets and keys

Malcom - Malware Communications Analyzer

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

Discord C2 for Redteam....Need a better name

The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

Load shellcode into a new process

Bloodhound for Blue and Purple Teams

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

Open source pre-operation C2 server based on python and powershell

PowerShell framework to assess Azure security

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Generate credentials for Opera's "browser VPN"