871 Open source projects that are alternatives of or similar to Eyes.sh

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Th3Inspector 🕵️ Best Tool For Information Gathering 🔎

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Chrome extension designed for WordPress Vulnerability Scanning and information gathering!

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

被动式漏洞扫描系统

GitHub Recon — and what you can achieve with it!

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Convert Instagram user ID to username & vice versa

Burp Suite extension to passively scan for applications revealing server error messages

🔓Subdomain enumeration and information gathering tool

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

🐶 A curated list of Web Security materials and resources.

Web Content Discovery Tool

Responsive Command and Control System

Work in progress...

Security Tool to Look For Interesting Files in S3 Buckets

Self contained htaccess shells and attacks

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Reverse proxies cheatsheet

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

Empire HTTP(S) C2 redirector setup script

The Shadow Attack Framework

WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

An advanced graphical search engine for Exploit-DB

A portable console aimed at making pentesting with PowerShell a little easier.

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

IPv6 attack toolkit

Incredibly fast crawler designed for OSINT.

A cross-platform note-taking & target-tracking app for penetration testers.

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Discover Your Attack Surface!

Facebook Information

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A simple keylogger for Windows, Linux and Mac

Wordpress Attack Suite

DNS Sub-domain brute forcer, in Python + gevent

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

USB Rubber Ducky type scripts written for the DigiSpark.

XSHOCK Shellshock Exploit

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

HOSTS file and research project to block all known NSA / GCHQ / C.I.A. / F.B.I. spying server

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

MSDAT: Microsoft SQL Database Attacking Tool

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Abusing Impersonation Privileges on Windows 10 and Server 2019

A Powerful Subdomain Takeover Tool

Find web directories without bruteforce

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Automated Cyber Offense

DotDotPwn - The Directory Traversal Fuzzer

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

无状态子域名爆破工具