647 Open source projects that are alternatives of or similar to Deepsea

The best Hacking and PenTesting tools installer on the world

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest

红队作战中比较常遇到的一些重点系统漏洞整理。

Empire HTTP(S) C2 redirector setup script

Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

A simple keylogger for Windows, Linux and Mac

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Domain name permutation as a service

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

无状态子域名爆破工具

Our OSCP repo: from popping shells to mental health.

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Single-file PHP shell

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

A repo with information about security of Ethereum Smart Contracts

做redteam时使用，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Reproducible and extensible BloodHound playbooks

Dump exposed HTTP .git fast

A Python3 based single-file subdomain enumerator

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

Fast browser-based network discovery module

Snoop — инструмент разведки на основе открытых данных (OSINT world)

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

online port scan scraper

🔪 Leak git repositories from misconfigured websites

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Tool designed for performing various social engineering attacks, for phishing.

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

CVE-2016-8610 (SSL Death Alert) PoC

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Simple multi threaded tool to extract domain related data from commoncrawl.org

Monitor Certificate Transparency Logs For Phishing Domains

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

The Last Web Recon Tool You'll Need

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

A Hashcat wrapper for distributed hashcracking

Reverse Shell as a Service

Responsive Command and Control System

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Advanced Phishing tool for Linux & Termux

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡