1059 Open source projects that are alternatives of or similar to Evil Ssdp

An evil RAT (Remote Administration Tool) for macOS / OS X.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Linux Privilege Escalation Tool By WazeHell

Automating Jenkins Hacking using Shodan API

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Reverse Shell as a Service

An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.

Encoder to bypass WAF filters using XOR operations

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Project transferred to: https://github.com/taielab/awesome-hacking-lists

linux动态链接库的注入修改查找工具 A tool for injection, modification and search of linux dynamic link library

The cheat sheet about Java Deserialization vulnerabilities

A set of recipes useful in pentesting and red teaming scenarios

Advanced and easy to use penetration testing framework 💣🔎

🔓 A dynamic dictionary merger for successful dictionary based attacks.

🚀 Fast Port Scanner 🚀

Responsive Command and Control System

Venom - A Multi-hop Proxy for Penetration Testers

Network protocol auditing framework

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

JSshell - JavaScript reverse/remote shell

Single Page Cheatsheet for common MSF Venom One Liners

Perform automated network reconnaissance scans

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

An advanced graphical search engine for Exploit-DB

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Black Worm Offical Repo

Relational database brute force and post exploitation tool for MySQL and MSSQL

Detect hidden files and text in images

An extensible application for penetration testers and software developers to decode/encode data into various formats.

DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Evaluate the security of S3 buckets

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

🔱 [ Phishing Made Easy ] 🔱 (In Beta)

游戏外挂通用框架，快速构建外挂程序。

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application

YSF Server Functions

A documentation about how to hack Minecraft servers

Plug-and-play bash script for sniffing 802.11 probes requests 👃

Facebook Brute Forcer in shellscript using TOR

Burp Bounty profiles compilation, feel free to contribute!

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

🎬 A curated list of movies every hacker & cyberpunk must watch.

Centralize Vulnerability Assessment and Management for DevSecOps Team

Subdomain Takeover tool written in Go

FAQ del mundo de la seguridad informática en español.

An OSINT tool to gather information about the real owner of a phone number

Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.

Wireshark Cheat Sheet

🪓 a multi-threaded, low-bandwidth HTTP DOS tool

Monitor linux processes without root permissions

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Our OSCP repo: from popping shells to mental health.