1066 Open source projects that are alternatives of or similar to ggtfobins

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A collection of resources I'm using while working toward the OSCP

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Monitor linux processes without root permissions

Web path scanner

Everything needed for doing CTFs

🆕 The Multi-Tool Web Vulnerability Scanner.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

GitBook: OSCP RoadMap

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

备考 OSCP 的各种干货资料/渗透测试干货资料

Notes from OSCP, CTF, security adventures, etc...

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

A MongoDB importer and API for Project Sonars DNS datasets

Notes for taking the OSCP in 2097. Read in book form on GitBook

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Multi Tool Subdomain Enumeration

Security Tool to Look For Interesting Files in S3 Buckets

A fast web directory/file enumeration tool written in Rust

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

🔑 Hash type identifier (CLI & lib)

Cameradar hacks its way into RTSP videosurveillance cameras

A collection of personal scripts used in hacking excercises.

Automated NoSQL database enumeration and web application exploitation tool.

Roadmap for preparing for OSCP, anyone is free to use this, and also feedback and contributions are welcome

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

A tool to enumerate network services

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

This tool aims at automating the identification of potential service running behind ports identified manually either through manual scan or services running locally. The tool is useful when nmap or any scanning tool is not available and in the situation during which you did a manual port scanning and then want to identify the services running behind the identified ports.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

PowerShell payload generator

How to prepare for OSCP complete guide

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

A Security Tool for Enumerating WebSockets

an asynchronous target enumeration tool

This tool provides commandline access for https://www.hackthebox.eu, https://tryhackme.com/ and https://www.vulnhub.com/ machines.

Writeups for vulnerable machines.

Pentest: Subdomains enumeration tool for penetration testers.

Automated Web Recon Shell Scripts

Opening the door, one reverse shell at a time

Multi source CVE/exploit parser.

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Some good resources for getting started with application security

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

PENIOT: Penetration Testing Tool for IoT

Collection of several DDos tools.

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Security challenges and CTFs created by the Penultimate team.

Totally Insecure Web Application Project (TIWAP)

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻