640 Open source projects that are alternatives of or similar to GoPhish-Templates

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

备考 OSCP 的各种干货资料/渗透测试干货资料

DeepSea Phishing Gear

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.

Offensive Reverse Shell (Cheat Sheet)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Collective. A repo for a collection of red-team projects found mostly on Github.

A pentesting tool inspired by mr robot and derived by zphisher

Ruby on Rails Phishing Framework

一款适用于红蓝对抗中的仿真钓鱼系统

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

List of Awesome Red Teaming Resources

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Functions that can be used to gain Reverse Shells with PowerShell

🙃 Reverse Shell Cheat Sheet 🙃

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Open-Source Phishing Toolkit

Domain name permutation engine written in Go

Work in progress...

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)

A dictionary attack tool for PostgreSQL and MSSQL

redteam.wiki

Phishing Tool

Wireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)

Blue Team detection lab created with Terraform and Ansible in Azure.

PowerShell payload generator

A tool to extract and abuse access tokens from AzureCLI for bypassing 2FA/MFA.

ShellCodeLoader via DInvoke

This is a Phishing tool. Phishing is a type of hacking also called credential harvesting. It creates fake websites for victims to login which saves their login info which includes IP, User-Agent, Username and Password to a file in the computer running Blackeye. This tool has been there for Linux and even Android via Termux. I converted it to Win…

Pentest: Subdomains enumeration tool for penetration testers.

Microsoft Azure Exploitation Framework

Turn PuTTY into an SSH login bruteforcing tool.

Monitoring GitHub for sensitive data shared publicly

phishEye is an ultimate phishing tool in python. Includes popular websites like Facebook, Twitter, Instagram, LinkedIn, GitHub, Dropbox, and many others. Created with Flask, custom templates, and tunneled with ngrok and localhost.run.

Kali image with kali-linux-full metapackage installed, build every night.

Wi-Fi Machine-in-the-Middle: Automation of MitM Attack on Wi-Fi Networks

Collect email addresses by crawling search engine results.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Phishing dataset with more than 88,000 instances and 111 features. Web application available at. https://gregavrbancic.github.io/Phishing-Dataset/

An XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)

An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.

Bash script which installs and runs the Fluxion tool inside Termux, a wireless security auditing tool used to perform attacks such as WPA/WPA2 cracking and MITM attacks.

Dashboard to collect, analyze, and respond to reported phishing emails.

Quick SQL Scanner, Dorker, Webshell injector PHP

The linux choice collection tools

Generate Professional Phishing Emails Fast And Easy

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.