2356 Open source projects that are alternatives of or similar to Hacker Container

A curated list of awesome privilege escalation

Automatically Launch Google Hacking Queries Against A Target Domain

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Useful tools and scripts during Penetration Testing engagements

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Intelligence and Reconnaissance Package/Bundle installer.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Penetration Testing notes, resources and scripts

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Powerfull XSS Scanning and Parameter analysis tool&gem

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Damn Vulnerable Web Application (DVWA)

Collection of quality safety articles. Awesome articles.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

A collection of awesome security hardening guides, tools and other resources

Automated Red Team Infrastructure deployement using Docker

A web front-end for password cracking and analytics

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Gorsair hacks its way into remote docker containers that expose their APIs

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Exploit Pack -The next generation exploit framework

被动式漏洞扫描系统

Tools, tips, tricks, and more for exploring ICS Security.

Advanced Web Shell

Ruby on Rails Phishing Framework

A collection of various GitHub gists for hackers, pentesters and security researchers

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A list of resources for those interested in getting started in bug bounties

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A collection of public offensive and defensive security related scripts for InfoSec students.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

A curated list of awesome OSCP resources

Dark Web OSINT Tool

Scripts I use during pentest engagements.

记录自己编写、修改的部分工具

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Vulnerability Dashboard

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A default credential scanner.

Notes about attacking Jenkins servers

CVE-2016-8610 (SSL Death Alert) PoC

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Simple Golang HTTPS/TLS Examples

Snoop — инструмент разведки на основе открытых данных (OSINT world)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

jSQL Injection is a Java application for automatic SQL database injection.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍