7859 Open source projects that are alternatives of or similar to Defaultcreds Cheat Sheet

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

my oscp prep collection

Most usable tools for iOS penetration testing

Data leak checker & OSINT Tool

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Intelligence tool but without API key

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Offensive tools as Dockerfiles. Lightweight & Ready to go

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

hydra

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

C2/post-exploitation framework

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Powerfull XSS Scanning and Parameter analysis tool&gem

windows-kernel-exploits Windows平台提权漏洞集合

Automated Red Team Infrastructure deployement using Docker

A big list of Android Hackerone disclosed reports and other resources.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

Hacking Toolkit

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A Powerful Subdomain Takeover Tool

Gorsair hacks its way into remote docker containers that expose their APIs

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Multi Tool Subdomain Enumeration

The AI Application Platform We All Need. Human AND Machine Intelligence. Based on experience building AI solutions at Panasonic: robotics predictive maintenance, cold-chain energy optimization, Gigafactory battery mfg, avionics, automotive cybersecurity, and more.

💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

A collection of various GitHub gists for hackers, pentesters and security researchers

Reverse proxies cheatsheet

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Sample queries for Advanced hunting in Microsoft 365 Defender

被动式漏洞扫描系统

Notes about attacking Jenkins servers

CVE-2016-8610 (SSL Death Alert) PoC

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Browser's XSS Filter Bypass Cheat Sheet

Cross Origin Resource Sharing MisConfiguration Scanner

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Dump exposed HTTP .git fast

Set of tools to audit SIP based VoIP Systems

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.