187 Open source projects that are alternatives of or similar to fofa_viewer

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Purple Team Exercise Framework

Project to enumerate proxy configurations and generate shellcode from CobaltStrike

Wireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Enumerate information from NTLM authentication enabled web endpoints 🔎

Webshell Manager

根据多个不同地区进行聚合查询以获取更多 fofa 数据

DeepSea Phishing Gear

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Automation for internal Windows Penetrationtest / AD-Security

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

The Collective. A repo for a collection of red-team projects found mostly on Github.

Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes

Venom - A Multi-hop Proxy for Penetration Testers

Test Blue Team detections without running any attack.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

The goal of this repository is to document the most common techniques to bypass AppLocker.

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

🌒 Shell command obfuscation to avoid detection systems

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

ShellCodeLoader via DInvoke

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Reproducible and extensible BloodHound playbooks

fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.

Utilities for MITRE™ ATT&CK

It records your terminal, then lets you upload to ASHIRT

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

A list of payload and bypass lists for penetration testing and red team infrastructure build.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Passwords Recovery Tool

Open-Source PE Packer

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

🔎 Hunt down social media accounts by username across social networks

One stop place for exploiting Jira instances in your proximity

Monitoring your Slack workspaces for sensitive information

基于Threathunting-book基础上完善的狩猎视角红队handbook

Simple DLL that add a user to the local Administrators group

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A Cobalt Strike Aggressor script to generate GadgetToJScript payloads

Monitoring GitHub for sensitive data shared publicly

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.