2417 Open source projects that are alternatives of or similar to Dumpsterfire

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

DNS Rebinding Exploitation Framework

Fast browser-based network discovery module

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

DeimosC2 is a Golang command and control framework for post-exploitation.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Know the dangers of credential reuse attacks.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Automatically Launch Google Hacking Queries Against A Target Domain

RubberDucky like payloads for DigiSpark Attiny85

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Automation for internal Windows Penetrationtest / AD-Security

Offensive tools as Dockerfiles. Lightweight & Ready to go

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Vagrant VirtualBox environment for conducting an internal network penetration test

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A curated list of awesome privilege escalation

Hawkeye filesystem analysis tool

Official Black Hat Arsenal Security Tools Repository

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

🔑 Hash type identifier (CLI & lib)

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

A tool for generating reverse shell payloads on the fly.

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

🌒 Shell command obfuscation to avoid detection systems

Multi source CVE/exploit parser.

Bifrost C2. Open-source post-exploitation using Discord API

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

A Tool for Domain Flyovers

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

A Blazing fast Security Auditing tool for Kubernetes

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Selenium powered Python script to automate searching for vulnerable web apps.

Exploit Pack -The next generation exploit framework

Web Recon & Exploitation Tool.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

👻Stowaway -- Multi-hop Proxy Tool for pentesters

安全编排与自动化响应平台

Yet Another PHP Shell - The most complete PHP reverse shell

Penetration Testing notes, resources and scripts

hydra

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A tool to automate penetration tests

swiss army knife for hackers

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

👻Impost3r -- A linux password thief

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A Python Tool For google Hacking

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Open Redirect Payloads

Most usable tools for iOS penetration testing