1495 Open source projects that are alternatives of or similar to Ctf Notes

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

🆕 The Multi-Tool Web Vulnerability Scanner.

my oscp prep collection

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A collection of personal scripts used in hacking excercises.

Useful tools and scripts during Penetration Testing engagements

Penetration Testing notes, resources and scripts

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Get GTFOBins info about a given exploit from the command line

Web path scanner

Don't let buffer overflows overflow your mind

Automated NoSQL database enumeration and web application exploitation tool.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Hacker101 CTF Writeup

Awesome Vulnerable Applications

Audit tool to find common vulnerabilities in PHP source code

HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing

A MongoDB importer and API for Project Sonars DNS datasets

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

A high performance offensive security tool for reconnaissance and vulnerability scanning

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

ANDRAX The first and unique Penetration Testing platform for Android smartphones

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Free Security and Hacking eBooks

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

Cameradar hacks its way into RTSP videosurveillance cameras

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Vagrant VirtualBox environment for conducting an internal network penetration test

Rubyfu, where Ruby goes evil!

Web Application Security Scanner Framework

Top 100 Hacking & Security E-Books (Free Download)

📕 Both personal and public notes for EC-Council's CEHv10 312-50, because its thousands of pages/slides of boredom, and a braindump to many

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Steganograpy in Python | Hide files or data in Image Files

Next generation web scanner

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Opening the door, one reverse shell at a time

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Notes from OSCP, CTF, security adventures, etc...

📓 Some security related notes

PowerShell payload generator