1805 Open source projects that are alternatives of or similar to Hackvault

Network based protocol fuzzer

Do some quick reconnaissance on a domain-based web-application

Powerful dork searcher and vulnerability scanner for windows platform

Infosec Wordlists

Open Redirect Payloads

Making Favicon.ico based Recon Great again !

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

pentest framework

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

Source code for Hacker101.com - a free online web and mobile security class.

👨‍🏫 Mike's Web Security Course

Git All the Payloads! A collection of web attack payloads.

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Human and machine readable web vulnerability testing format

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

A list of useful payloads for Web Application Security and Pentest/CTF

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

The all-in-one Red Team extension for Web Pentester 🛠

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

mXtract - Memory Extractor & Analyzer

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Hacking tools

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

PoC exploit for CVE-2016-4622

A set of recipes useful in pentesting and red teaming scenarios

Rust bindings for the Oniguruma regex library

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Samsung Galaxy S3 GT-I9300 eMMC toolbox

Responsive Command and Control System

DFPM is a browser extension for detecting browser fingerprinting.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Monitor, Alert, and Discover sensitive info and data leakage on Github.

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

📊 Websites, Resources, Devices, Wearables, Applications, and Platforms for Self Tracking

A Python3 based single-file subdomain enumerator

Venom - A Multi-hop Proxy for Penetration Testers

ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives

🤖 Repeat tests. Repeat tests. Repeat tests.

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

📖 [译] SploitFun Linux x86 Exploit 开发系列教程

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

won't maintain

An extensible application for penetration testers and software developers to decode/encode data into various formats.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

CryptoLocker is open source files encrypt-er. Crypto is developed in Visual C++. It has features encrypt all file, lock down the system and send keys back to the server. Multi-threaded functionality helps to this tool make encryption faster.

Online Learning for Human Detection in 3D Point Clouds

A curated list of various bug bounty tools

Automation for internal Windows Penetrationtest / AD-Security

Scan and Export RouterOS Password