1008 Open source projects that are alternatives of or similar to Htshells

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

A collection of hacking / penetration testing resources to make you better!

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Webshell Jumping Edition

An exploit for Apache Struts CVE-2017-5638

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Yet Another PHP Shell - The most complete PHP reverse shell

An exploit for Apache Struts CVE-2018-11776

my oscp prep collection

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Advanced vulnerability scanning with Nmap NSE

A webshell framework for penetration testers.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Asynchronous Python implementation of SlowLoris DoS attack

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Infection Monkey - An automated pentest tool

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

OWASP Joomla Vulnerability Scanner Project

Modern tactical exploitation toolkit.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Docker containers running Alpine Linux and s6 for process management. Solid, reliable containers.

An IDA Pro plugin to examine the glibc heap, focused on exploit development

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Gorsair hacks its way into remote docker containers that expose their APIs

Hacking Toolkit

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

USB Rubber Ducky type scripts written for the DigiSpark.

Apache Wicket - Component-based Java web framework

Web path scanner

Hack the World using Termux

Advanced Web Shell

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

IPv6 attack toolkit

MetaCall: The ultimate polyglot programming experience.

🎩 A fake log generator for common log formats

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

DotDotPwn - The Directory Traversal Fuzzer

(Do)cumentation (Ge)nerator 10+ languages 📚 Generate proper code documentation skeletons with a single keypress. ⚡️🔥

Apache Traffic Control is an Open Source implementation of a Content Delivery Network

A cross-platform note-taking & target-tracking app for penetration testers.

A web front-end for password cracking and analytics

hydra