871 Open source projects that are alternatives of or similar to Eyes.sh

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Multi source CVE/exploit parser.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Go library for credentials recovery

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A pentesting tool inspired by mr robot and derived by zphisher

Command line tool that allows you to explore IoT devices by using Shodan API.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Sifter aims to be a fully loaded Op Centre for Pentesters

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Venom - A Multi-hop Proxy for Penetration Testers

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Dradis Framework: Colllaboration and reporting for IT Security teams

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Idiomatic nmap library for go developers

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Penetration Testing Platform

Awesome cloud enumerator

Extract subdomains from SSL certificates in HTTPS sites.

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

👻Impost3r -- A linux password thief

NetCat for Windows

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Steganography brute-force utility to uncover hidden data inside files

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Penetration Testing notes, resources and scripts

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Useful tools and scripts during Penetration Testing engagements

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

🔪 Leak git repositories from misconfigured websites

OSINT Tool: Generate username lists for companies on LinkedIn

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

CVE-2016-8610 (SSL Death Alert) PoC

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Ruby on Rails Phishing Framework

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

The Last Web Recon Tool You'll Need

A web front-end for password cracking and analytics

Gorsair hacks its way into remote docker containers that expose their APIs

Exploit Pack -The next generation exploit framework

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Browse and search through nmap's NSE scripts.