644 Open source projects that are alternatives of or similar to Enum4linux Ng

A tool to test security of json web token

Everything needed for doing CTFs

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Modern alternative to dirbuster/dirb

Hacking Toolkit

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A fast, simple, recursive content discovery tool written in Rust.

Username enumeration and password spraying tool aimed at Microsoft O365.

🔑 Hash type identifier (CLI & lib)

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

A Go implementation of dirsearch.

Intelligence and Reconnaissance Package/Bundle installer.

jSQL Injection is a Java application for automatic SQL database injection.

pentest framework

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Set of tools to audit SIP based VoIP Systems

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Bash script for CTF automating basic enumeration

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Executes common PowerSploit Powerview functions then combines output into a spreadsheet for easy analysis.

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

Automated NoSQL database enumeration and web application exploitation tool.

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Pentest Report Generator

Docker auditing and enumeration script.

Misc. Public Reports of Penetration Testing and Security Audits.

Yet Another PHP Shell - The most complete PHP reverse shell

Jam all wifi clients/routers.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

An automated approach to performing recon for bug bounty hunting and penetration testing.

Automatic Enumeration Tool based in Open Source tools

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

A fast DOM based XSS vulnerability scanner with simplicity.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Goca Scanner

Personal CTF Toolkit

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Free advanced and modern Windows botnet with a nice and secure PHP panel.

Web Application Security Scanner Framework

A curated list of awesome infosec courses and training resources.

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

ATT&CK实操

SIP-Based Audit and Attack Tool

Cybersecurity Evaluation Tool