453 Open source projects that are alternatives of or similar to Gtfo

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Enumeration list for CakePHP 3

Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Enumerations for Ruby with some magic powers! 🎩

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Better Rails Enumerations

Apache Shiro 反序列化漏洞检测与利用工具

A collection of android Exploits and Hacks

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

This is a list of Discord console scripts, bugs and exploits.

A collection of Destiny 2 macros built with AutoHotKey

Yet Another PHP Shell - The most complete PHP reverse shell

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻

Reverse Shell Cheat Sheet TooL

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Patch for Waterfall to improve performance during attacks and fix memory issues.

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

an RCE (remote command execution) approach of CVE-2018-7750

all mine papers, pwn & exploit

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

C++ library for semigroups and monoids

Automatic Enumeration Tool based in Open Source tools

🦄🔒 Awesome list of secrets in environment variables 🖥️

Everything needed for doing CTFs

Real world and CTFs exploiting web/binary POCs.

macOS Kernel Exploit for CVE-2019-8781. Credit for the bug goes to @LinusHenze :)

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

An interactive multi-user web JS shell

SQL Injection Payload List

Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture system screenshot and send to ftp server in given time.

Open Mesh OM5P-AC v2 Unlocker (U-Boot 1.1.4 based)

An exploit for Apache Struts CVE-2018-11776

log4j2 remote code execution or IP leakage exploit (with examples)

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

My documentation and tools for learn ethical hacking.

Repository to train/learn memory corruption on the ARM platform.

Multi-language web CGI interfaces exploits.

Executes common PowerSploit Powerview functions then combines output into a spreadsheet for easy analysis.

Script for Local Windows Enumeration

Misc. Public Reports of Penetration Testing and Security Audits.

A MongoDB importer and API for Project Sonars DNS datasets

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Yet Another LInkedIn Scraper...

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

SambaCry exploit and vulnerable container (CVE-2017-7494)

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.