370 Open source projects that are alternatives of or similar to hathi

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Generates malicious LNK file payloads for data exfiltration

The LAZY script will make your life easier, and of course faster.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

PowerShell payload generator

Awesome Vulnerable Applications

Mobile penetration testing android & iOS command cheatsheet

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Work in progress...

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

Code from Blackhat Python book

Turn PuTTY into an SSH login bruteforcing tool.

🔐 Docker Container for Penetration Testing & Security

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Vagrant VirtualBox environment for conducting an internal network penetration test

Find cloud assets that no one wants exposed 🔎 ☁️

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Hakku Framework penetration testing

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Collection of the cheat sheets useful for pentesting

Quick SQL Scanner, Dorker, Webshell injector PHP

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements.

ANDRAX The first and unique Penetration Testing platform for Android smartphones

Collect email addresses by crawling search engine results.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Rubyfu, where Ruby goes evil!

nnposter's alternate fingerprint dataset for Nmap script http-default-accounts

Microsoft Azure Exploitation Framework

A pure-Python ARP Cache Poisoning (a.k.a "ARP Spoofing") tool

Cameradar hacks its way into RTSP videosurveillance cameras

Intercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion

Kali image with kali-linux-full metapackage installed, build every night.

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Pentest: Subdomains enumeration tool for penetration testers.

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.