2820 Open source projects that are alternatives of or similar to Crithit

Providing aid in converting video games.

A simple keylogger for Windows, Linux and Mac

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A collection of response templates for invalid bug bounty reports.

Simple Server Side Request Forgery services enumeration tool.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

My OSCP journey

websocket-connection-smuggler

This challenge is Inon Shkedy's 31 days API Security Tips.

pentest framework

Linux命令转发记录

Automatic SQL injection with Charles and sqlmap api

It's a simple tool for test vulnerability shellshock

A Router WiFi key recovery/cracking tool with a twist.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

A Powerful Subdomain Takeover Tool

⛔️ offsec batteries included

Scripts to gather system configuration information for offline/remote auditing

RFD Checker - security CLI tool to test Reflected File Download issues

Python network worm that spreads on the local network and gives the attacker control of these machines.

🎯 SQL Injection Payload List

InQL - A Burp Extension for GraphQL Security Testing

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Discover hidden deepweb pages

Asynchronous Python implementation of SlowLoris DoS attack

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

Relational database brute force and post exploitation tool for MySQL and MSSQL

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Mikrotik RouterOS (6.x < 6.38.5) exploit kit. Reverse engineered from the "Vault 7" WikiLeaks publication.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

An OSINT Metadata analyzing tool that filters through tags and creates reports

XSHOCK Shellshock Exploit

Hashcat web interface

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

🎯 Server Side Template Injection Payloads

Work in progress...

A Python-powered exploitation framework and botnet.

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Simple Golang HTTPS/TLS Examples

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

备考 OSCP 的各种干货资料/渗透测试干货资料

Scripts I use during pentest engagements.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Dump exposed HTTP .git fast

WebShell Backdoor Framework

Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

A big list of Android Hackerone disclosed reports and other resources.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Fast browser-based network discovery module