1144 Open source projects that are alternatives of or similar to Hacker_ezines

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Sniffer vulnerabilities in http request (chrome extension)

平常看到好的渗透hacking工具和多领域效率工具的集合

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

The Swiss Army knife for automated Web Application Testing

🔪Browser logic vulnerabilities ☠️

Android Kernel Exploitation

快速搭建各种漏洞环境(Various vulnerability environment)

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Most usable tools for iOS penetration testing

OWASP Threat Dragon core files

.git 泄漏利用工具，可还原历史版本

Freedom Fighting Mode: open source hacking harness

Poc Collected for study and develop

Go Web Application Penetration Test

这是一个抓取浏览器密码的工具，后续会添加更多功能

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits

Micro-framework for rapid development of reusable security tools

mXtract - Memory Extractor & Analyzer

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Exploit Discord's cache system to remote upload payloads on Discord users machines

PegaSwitch is an exploit toolkit for the Nintendo Switch

Writing custom backdoor payloads with C# - Defcon 27 Workshop

all mine papers, pwn & exploit

Powershell攻击指南----黑客后渗透之道

Mikrotik RouterOS (6.x < 6.38.5) exploit kit. Reverse engineered from the "Vault 7" WikiLeaks publication.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.

Exploits and Security Tools Framework 2.0.1

🔎 Hunt down social media accounts by username across social networks

It's a simple tool for test vulnerability shellshock

Discover duplication glitches, abusive staff giving items, x-ray or simply poor server economy.

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

secureCodeBox (SCB) - continuous secure delivery out of the box

A laboratory for learning secure web and mobile development in a practical manner.

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Miscellaneous exploit code

OWASP ZAP Add-ons

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Some of my CTF solutions

exploit

Disabling kernel lockdown on Ubuntu without physical access

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Yet another implementation of AEG (Automated Exploit Generation) using symbolic execution engine Triton.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

OWASP ZSC - Shellcode/Obfuscate Code Generator

This repository contains payload to test NoSQL Injections

Notes about attacking Jenkins servers

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Auto Scanning to SSL Vulnerability

Awesome cloud enumerator

pentest framework

A curated list of resources for learning about application security

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

Scalable fuzzing infrastructure.

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.