2818 Open source projects that are alternatives of or similar to Infosec_reference

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Linux enumeration tool for pentesting and CTFs with verbosity levels

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A collection of various awesome lists for hackers, pentesters and security researchers

Free Security and Hacking eBooks

Next generation web scanner

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Study Notes For Web Hacking / Web安全学习笔记

The all-in-one Red Team extension for Web Pentester 🛠

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

my oscp prep collection

📡 A python program to create a fake AP and sniff data.

Don't let buffer overflows overflow your mind

🎯 XML External Entity (XXE) Injection Payload List

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Find cloud assets that no one wants exposed 🔎 ☁️

Wireshark Cheat Sheet

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Awesome hacking is an awesome collection of hacking tools.

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Hawkeye filesystem analysis tool

Vagrant VirtualBox environment for conducting an internal network penetration test

An evil RAT (Remote Administration Tool) for macOS / OS X.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

My own OSCP guide

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Notes Taken for HTB Machines & InfoSec Community.

Brahma - Privilege elevation exploit for Nintendo 3DS

Pentest: Subdomains enumeration tool for penetration testers.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Multi source CVE/exploit parser.

A simple remote tool in C#.

Hacking IKEA TRÅDFRI products, such as light bulbs, window blinds and other accessories.

Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler

The essential toolkit for reversing, malware analysis, and cracking

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Bypass UAC by abusing the Internet Explorer Add-on installer

You didn't think I'd go and leave the blue team out, right?

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Some good resources for getting started with application security

Collection of several DDos tools.

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Script to spider a website and find publicly open S3 buckets

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A friendly Toolkit for Beginner CTF players

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Get GTFOBins info about a given exploit from the command line

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Writeups for infosec Capture the Flag events by team Galaxians

Scripts to process macOS forensic artifacts

Bypass UAC at any level by abusing the Task Scheduler and environment variables

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.