370 Open source projects that are alternatives of or similar to hathi

Burp extension to passively scan for applications revealing software version numbers

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Collection of the cheat sheets useful for pentesting

Captive wifi hotspot bypass tool for Linux

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Get GTFOBins info about a given exploit from the command line

A repository of tools for pentesting of restricted and isolated environments.

Automated script to run all modules for a specified list of domains, netblocks or company name

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A Security Tool for Enumerating WebSockets

Quick SQL Scanner, Dorker, Webshell injector PHP

Scripts usados en mi formación de Offensive Security por medio de la suscripción Learn Unlimited

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

A place where I can create, collect and share tooling, resources and knowledge about information security.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Collection of tips, tools and tutorials around infosec

Notes from OSCP, CTF, security adventures, etc...

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

brute force SSH public-key authentication

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

JSON RSA to HMAC and None Algorithm Vulnerability POC

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Totally Insecure Web Application Project (TIWAP)

Scripts I use during pentest engagements.

General stuff for pentesting - password cracking, phishing, automation, Kali, etc.

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.

:.IP webcam penetration test suit.:

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Go library for credentials recovery

A wrapper for Nmap to quickly run network scans

Obtain GraphQL API Schema even if the introspection is not enabled

🆕 The Multi-Tool Web Vulnerability Scanner.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

recon-ng modules for Censys

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Wireshark Cheat Sheet

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Script to spider a website and find publicly open S3 buckets

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

Self contained htaccess shells and attacks

Automated Web Recon Shell Scripts

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Cheat-Sheet of tools for penetration testing

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Gorsair hacks its way into remote docker containers that expose their APIs

Pentest: Subdomains enumeration tool for penetration testers.

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

备考 OSCP 的各种干货资料/渗透测试干货资料

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms