3705 Open source projects that are alternatives of or similar to Dictionary Of Pentesting

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Web path scanner

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

Extract subdomains from SSL certificates in HTTPS sites.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Rockyou for web fuzzing

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Web Pentesting Fuzz 字典,一个就够了。

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

Fast Modular Web Interfaces Bruteforcer

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A python tool to check subdomain takeover vulnerability

hydra

A Python3 based single-file subdomain enumerator

A MongoDB importer and API for Project Sonars DNS datasets

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

RAS(RAndom Subdomain) Fuzzer

A fast DOM based XSS vulnerability scanner with simplicity.

Subdomain Takeover tool written in Go

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Hacking tools

generates weak passwords based on current date

Python 3.5+ DNS asynchronous brute force utility

A tool to test security of json web token

Dumain Bruteforcer - a fast and flexible domain bruteforcer

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

A Powerful Subdomain Takeover Tool

Yet Another PHP Shell - The most complete PHP reverse shell

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Handbook of information collection for penetration testing and src

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Pentest/BugBounty progress control with scanning modules

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Port scanning and domain utility.

Selenium powered Python script to automate searching for vulnerable web apps.

Awesome cloud enumerator

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Directory/File, DNS and VHost busting tool written in Go

An automated approach to performing recon for bug bounty hunting and penetration testing.

A fully automatic wifi deauther coded in Python

X Brute Forcer Tool 🔓 WordPress , Joomla , DruPal , OpenCart , Magento

Infosec Wordlists

Jam all wifi clients/routers.

Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Next generation web scanner

🎯 XML External Entity (XXE) Injection Payload List

Hetty is an HTTP toolkit for security research.

A tool to automate penetration tests

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Fully automated offensive security framework for reconnaissance and vulnerability scanning