753 Open source projects that are alternatives of or similar to Dsinternals

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

A tool and library for rotating your password on online services

Building an Active Directory domain and hacking it

被动式漏洞扫描系统

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

DotDotPwn - The Directory Traversal Fuzzer

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

An NFC research toolkit application for Android

Useful tools and scripts during Penetration Testing engagements

A collection of wordlists dictionaries for password cracking

Penetration Testing notes, resources and scripts

Program to reverse Docker images into Dockerfiles

Security Knowledge Framework (SKF) Python Flask / Angular project

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Web path scanner

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

A boilerplate Go and AWS Lambda app. Demonstrates an expert configuration of 10+ AWS services to support running Go functions-as-a-service (FaaS).

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

kube-scan: Octarine k8s cluster risk assessment tool

IPv6 attack toolkit

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier"

Run Node.js web applications and APIs using existing application frameworks on AWS #serverless technologies such as Lambda, API Gateway, Lambda@Edge, and ALB.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Tools for working with SAM/BAM data

🆕 The Multi-Tool Web Vulnerability Scanner.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

A cross-platform note-taking & target-tracking app for penetration testers.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Sifter aims to be a fully loaded Op Centre for Pentesters

Security advisory database for Rust crates published through crates.io

Hack the World using Termux

Steganography brute-force utility to uncover hidden data inside files

The SpecterOps project management and reporting engine

Automatic SQL injection with Charles and sqlmap api

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

A Golang implant that uses Slack as a command and control server

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

Idiomatic nmap library for go developers

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

InQL - A Burp Extension for GraphQL Security Testing

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.

An advanced tool for email reconnaissance

A script for advanced discovery of Privileged Accounts - includes Shadow Admins

a tool to analyze filesystem images for security

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Ruby on Rails Phishing Framework

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

一键提取安卓应用中可能存在的敏感信息。

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

C library for high-throughput sequencing data formats

Chromepass - Hacking Chrome Saved Passwords