7859 Open source projects that are alternatives of or similar to Defaultcreds Cheat Sheet

🦄🔒 Awesome list of secrets in environment variables 🖥️

Information Security Library

🔐 Docker Container for Penetration Testing & Security

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Yet Another PHP Shell - The most complete PHP reverse shell

Misc. Public Reports of Penetration Testing and Security Audits.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

RFD Checker - security CLI tool to test Reflected File Download issues

Turn your VPS into an attack box

You didn't think I'd go and leave the blue team out, right?

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Framework for rapid development and reusable of security tools

Subdomain Takeover tool written in Go

A Tool for Domain Flyovers

Responsive Command and Control System

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Offensive Reverse Shell (Cheat Sheet)

The Collective. A repo for a collection of red-team projects found mostly on Github.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

This challenge is Inon Shkedy's 31 days API Security Tips.

Awesome Node.js Security resources

Related subdomains finder

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Pentest: Subdomains enumeration tool for penetration testers.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

🔑 Hash type identifier (CLI & lib)

Monitoring GitHub for sensitive data shared publicly

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Awesome cloud enumerator

Selenium powered Python script to automate searching for vulnerable web apps.

Leaked pentesting manuals given to Conti ransomware crooks

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Extract subdomains from SSL certificates in HTTPS sites.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

A fast DOM based XSS vulnerability scanner with simplicity.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Intelligence tool but without API key

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Hetty is an HTTP toolkit for security research.

my oscp prep collection

Web path scanner

A curated list of awesome OSCP resources

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A collection of awesome security hardening guides, tools and other resources

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A collection of some of my scripts

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

🎯 XML External Entity (XXE) Injection Payload List

Most usable tools for iOS penetration testing