1185 Open source projects that are alternatives of or similar to Impost3r

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

This repository contains full code examples from the book Gray Hat C#

🔐 Docker Container for Penetration Testing & Security

Red Teaming Tactics and Techniques

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

The all-in-one Red Team extension for Web Pentester 🛠

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

🤖 The Modern Port Scanner 🤖

Python 3.5+ DNS asynchronous brute force utility

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

A collection of public offensive and defensive security related scripts for InfoSec students.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Hashcat web interface

Search for Directory Traversal Vulnerabilities

Find exploit tool

Find web directories without bruteforce

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

SSRF (Server Side Request Forgery) testing resources

Webshell Manager

🔐 Open Source Python Keylogger Collection

Overlord - Red Teaming Infrastructure Automation

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

EmbedOS - Embedded security testing virtual machine

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

OSINT

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Intelligence and Reconnaissance Package/Bundle installer.

A ZigBee hacking toolkit by Bishop Fox

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Cameradar hacks its way into RTSP videosurveillance cameras

AWS Identity and Access Management Visualizer and Anomaly Finder

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

A Virtual environment for Pentesting IoT Devices

🌒 Shell command obfuscation to avoid detection systems

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Pentesting/Bugbounty Dockerfiles.

A tool to automate penetration tests

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Yet Another PHP Shell - The most complete PHP reverse shell

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions