2304 Open source projects that are alternatives of or similar to Docker Security Images

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Extract subdomains from SSL certificates in HTTPS sites.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Multi source CVE/exploit parser.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

hydra

A tool to automate penetration tests

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A tool to test security of json web token

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Attack Surface Management Platform | Sn1perSecurity LLC

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Hacking Toolkit

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

备考 OSCP 的各种干货资料/渗透测试干货资料

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Web path scanner

🔑 Hash type identifier (CLI & lib)

Yet Another PHP Shell - The most complete PHP reverse shell

A wrapper for Nmap to quickly run network scans

Set of tools to audit SIP based VoIP Systems

A curated list of awesome infosec courses and training resources.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

An advanced tool for email reconnaissance

Open Redirect Payloads

Idiomatic nmap library for go developers

SSRF (Server Side Request Forgery) testing resources

Penetration Testing notes, resources and scripts

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Sifter aims to be a fully loaded Op Centre for Pentesters

Dradis Framework: Colllaboration and reporting for IT Security teams

Pentest Report Generator

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Wireshark Cheat Sheet

Centralize Vulnerability Assessment and Management for DevSecOps Team

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

A curated list of awesome OSCP resources

Vulnerability Dashboard

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Gorsair hacks its way into remote docker containers that expose their APIs

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

CVE-2016-8610 (SSL Death Alert) PoC

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Responsive Command and Control System

The Collective. A repo for a collection of red-team projects found mostly on Github.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Next generation web scanner

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords