1277 Open source projects that are alternatives of or similar to Gtfonow

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Search for Unix binaries that can be exploited to bypass system security restrictions.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

备考 OSCP 的各种干货资料/渗透测试干货资料

A curated list of awesome privilege escalation

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Monitor linux processes without root permissions

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Useful CTF Tools

Linux kernel development & exploitation lab.

Automation for internal Windows Penetrationtest / AD-Security

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

An evil RAT (Remote Administration Tool) for macOS / OS X.

Linux enumeration tool for pentesting and CTFs with verbosity levels

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

WhiteWinterWolf's PHP web shell

🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

👻Impost3r -- A linux password thief

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Sifter aims to be a fully loaded Op Centre for Pentesters

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

A framework for Backdoor development!

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Venom - A Multi-hop Proxy for Penetration Testers

A tool to test security of json web token

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️

Micro-framework for rapid development of reusable security tools

Relational database brute force and post exploitation tool for MySQL and MSSQL

An awesome resource listing and explaining various commonly used *nix commands

unix SSH post-exploitation 1337 tool

A collection of hacking / penetration testing resources to make you better!

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Steganography brute-force utility to uncover hidden data inside files

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Privilege Escalation Enumeration Script for Windows

👻Stowaway -- Multi-hop Proxy Tool for pentesters

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🔨 A modern multiple reverse shell sessions manager wrote in go

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Handbook of information collection for penetration testing and src

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.