2270 Open source projects that are alternatives of or similar to Habu

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Extract endpoints from APK files

Awesome .NET Security Resources

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.

Misc. Public Reports of Penetration Testing and Security Audits.

Offensive Reverse Shell (Cheat Sheet)

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

List of every possible vulnerabilities in computer security.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Hawkeye filesystem analysis tool

Command line tool that allows you to explore IoT devices by using Shodan API.

Different utility scripts for pentesting and hacking.

Web Recon & Exploitation Tool.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Rockyou for web fuzzing

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

Git All the Payloads! A collection of web attack payloads.

Rubyfu, where Ruby goes evil!

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

A pentesting tool inspired by mr robot and derived by zphisher

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Automate Pentest Tool

An automated e-mail OSINT tool

Overlord - Red Teaming Infrastructure Automation

locate and attack Lync/Skype for Business

红队综合渗透框架

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

SST Architectural Simulation Components and Libraries

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

generates weak passwords based on current date

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

Selenium powered Python script to automate searching for vulnerable web apps.

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Hack the World using Termux

Pentest: Subdomains enumeration tool for penetration testers.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

PHP Security Check List [ EN ] 🌋 ☣️

Steganography brute-force utility to uncover hidden data inside files

Gets in the way of your victim's traffic and out of yours

WireBug is a toolset for Voice-over-IP penetration testing

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

NERVE Continuous Vulnerability Scanner

Automated Red Team Infrastructure deployement using Docker

Top 100 Hacking & Security E-Books (Free Download)

Free advanced and modern Windows botnet with a nice and secure PHP panel.

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

ATT&CK实操