310 Open source projects that are alternatives of or similar to Hack

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Undetectable Windows Payload Generation

JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.

An Python Script For Generating Payloads that Bypasses All Antivirus so far .

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Research on Anti-malware and other related security solutions

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…

Antivirus evasion project

Bypass 403 or 401 or 404

Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

Complete Listing and Usage of Tools used for Ethical Hacking

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Bypassing disabled exec functions in PHP (c) CRLF

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Yara Based Detection Engine for web browsers

PHP-based anti-virus anti-trojan anti-malware solution.

x-frame-options bypass

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

discontinued

Учебное пособие по защите информации кафедры радиотехники и систем управления МФТИ

TinyAntivirus is an open source antivirus engine designed for detecting polymorphic virus and disinfecting it.

Search for Unix binaries that can be exploited to bypass system security restrictions.

百宝箱

intercepting kali router

A webshell framework for penetration testers.

HaE - BurpSuite Highlighter and Extractor

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

bebasid dapat membantu membuka halaman situs web yang diblokir oleh pemerintah Indonesia dengan memanfaatkan hosts file.

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

A hackable malware sandbox for the 21st Century

Simple method of checking whether or not mouse movement or buttons (<windows 10) are injected

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

No description or website provided.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting

这是基于Burp Suite官方文档翻译而来的中文版文档

|| Activate Burp Suite Pro with Loader and Key-Generator ||

Handbook of information collection for penetration testing and src

Malware hashes for open source projects.

Knowledge seeks no man

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

Malware sample exchange system and API intended for Anti-Virus companies and researchers.

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)

extract ja3(s) when sniffing or from a pcap.

This Burp extension helps you to find usages of postMessage and recvMessage

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

👁‍🗨 This script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid.

Bypass it, you won't be Banned when playing cheats 2022

My curated list of awesome links, resources and tools on infosec related topics

A checklist of important security issues you should consider when creating a web application.

🎯 XML External Entity (XXE) Injection Payload List

Libellux: Up & Running provides documentation on how-to install open-source software from source. The focus is Zero Trust Network to enhance the security for existing applications or install tools to detect and prevent threats.

免杀 defender 360 cobalstrike shellcode

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"