2270 Open source projects that are alternatives of or similar to Habu

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

pentest framework

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Fast Modular Web Interfaces Bruteforcer

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

👻Impost3r -- A linux password thief

Open Redirect Payloads

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Study Notes For Web Hacking / Web安全学习笔记

swiss army knife for hackers

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

The ultimate WinRM shell for hacking/pentesting

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Awesome hacking is an awesome collection of hacking tools.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Ruby on Rails Phishing Framework

my oscp prep collection

RubberDucky like payloads for DigiSpark Attiny85

A high performance offensive security tool for reconnaissance and vulnerability scanning

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

A web front-end for password cracking and analytics

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Sifter aims to be a fully loaded Op Centre for Pentesters

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

OSINT Tool: Generate username lists for companies on LinkedIn

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

A curated list of awesome privilege escalation

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

Quickly analyze and reverse engineer Android packages

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Pentest Report Generator

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Quick SQL Scanner, Dorker, Webshell injector PHP

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

A Linux packet crafting tool.

Automatically Launch Google Hacking Queries Against A Target Domain

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Awesome cloud enumerator

Multi OTP Spam Amp/Paralell threads

Subdomain enumeration through various techniques

Useful tools and scripts during Penetration Testing engagements

Web Application Security Scanner Framework

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Attack surface mapping

Hacker101 CTF Writeup

Tool Information Gathering Write By Python.