2820 Open source projects that are alternatives of or similar to Crithit

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Scripts I use during pentest engagements.

Semi-automatic OSINT framework and package manager

A Router WiFi key recovery/cracking tool with a twist.

A Python-powered exploitation framework and botnet.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Asynchronous Python implementation of SlowLoris DoS attack

Cross Origin Resource Sharing MisConfiguration Scanner

Simple Golang HTTPS/TLS Examples

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

Linux命令转发记录

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

XSHOCK Shellshock Exploit

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Custom memory allocator that helps discover reads from uninitialized memory

websocket-connection-smuggler

Discover hidden deepweb pages

My OSCP journey

An OSINT Metadata analyzing tool that filters through tags and creates reports

Work in progress...

Fast browser-based network discovery module

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Monitor linux processes without root permissions

Providing aid in converting video games.

Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

It's a simple tool for test vulnerability shellshock

⛔️ offsec batteries included

🔥 A powerful MongoDB auditing and pentesting tool 🔥

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

The best Hacking and PenTesting tools installer on the world

RFD Checker - security CLI tool to test Reflected File Download issues

Scripts to gather system configuration information for offline/remote auditing

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Advanced vulnerability scanning with Nmap NSE

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Mikrotik RouterOS (6.x < 6.38.5) exploit kit. Reverse engineered from the "Vault 7" WikiLeaks publication.

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Responsive Command and Control System

A set of recipes useful in pentesting and red teaming scenarios

Windows one line commands that make life easier, shortcuts and command line fu.

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

BlackRAT - Java Based Remote Administrator Tool

A Python3 based single-file subdomain enumerator

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

👥😈 Infect a pc with badusb and establish a connection through telegram.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

GitBook: OSCP RoadMap

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Penetration tests guide based on OWASP including test cases, resources and examples.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.