382 Open source projects that are alternatives of or similar to Enigma

Go-deliver is a payload delivery tool coded in Go.

SSTI Payload Generator

cve-2019-0604 SharePoint RCE exploit

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

A Undetectable Payload Generation

Hide your payload into .jpg file

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

Python Remote Administration Tool (RAT)

Fast and lightweight yet another UEFI implementation

Hooks in to interesting functions and helps reverse the web app faster.

🔐 Docker Container for Penetration Testing & Security

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Find exploits in local and online databases instantly

nray distributed port scanner

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Passwords Recovery Tool

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Simple Karma Attack

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

pentest framework

Intelligence and Reconnaissance Package/Bundle installer.

This challenge is Inon Shkedy's 31 days API Security Tips.

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Burp Suite extension to passively scan for applications revealing server error messages

Metasploit Cheat Sheet 💣

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

Vulnerability Recurrence:漏洞复现记录

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

XSS'OR - Hack with JavaScript.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

SMB Relay Attack Script

Burp extension to passively scan for applications revealing software version numbers

Translator from USB-Rubber-Ducky payloads to a Digispark code.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Chef repository for pentesting tools

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

CVE-2016-8610 (SSL Death Alert) PoC

Wavestone's web interface for password cracking with hashcat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Collection of quality safety articles. Awesome articles.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

jSQL Injection is a Java application for automatic SQL database injection.

Username enumeration and password spraying tool aimed at Microsoft O365.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Semantic Java API Library for NEM Platform

Vulnerability Dashboard

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

KratosKnife is a Advanced BOTNET Written in python 3 for Windows OS. Comes With Lot of Advanced Features such as Persistence & VM Detection Methods, Built-in Binder, etc

Automatic SSRF fuzzer and exploitation tool