512 Open source projects that are alternatives of or similar to Insectsawake

Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Linux post exploitation privilege escalation enumeration

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A high performance offensive security tool for reconnaissance and vulnerability scanning

Enumerate and decrypt TeamViewer credentials from Windows registry

RubberDucky like payloads for DigiSpark Attiny85

A static analysis tool for security

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

A simple tool for interacting with OWASP ZAP from the commandline.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Monitor linux processes without root permissions

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Advanced vulnerability scanning with Nmap NSE

Penetration testing and auditing toolkit for Android apps.

Python network tool, similar to Netcat with custom features.

web-based OSINT and reconaissance toolkit

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Linux and Windows shellcode enrichment utility

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

An automated e-mail OSINT tool

Hashcat web interface

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

WhiteWinterWolf's PHP web shell

Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.

Turn your Burp suite into headless active web application vulnerability scanner

Security scanner for your Terraform code

Windows one line commands that make life easier, shortcuts and command line fu.

⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Greenbone Vulnerability Manager

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

A Virtual environment for Pentesting IoT Devices

Python network worm that spreads on the local network and gives the attacker control of these machines.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

An evil RAT (Remote Administration Tool) for macOS / OS X.

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

Encoder to bypass WAF filters using XOR operations

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Advanced and easy to use penetration testing framework 💣🔎

Know the dangers of credential reuse attacks.

A wrapper for Nmap to quickly run network scans

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

PHP function tracker

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Evaluate the security of S3 buckets

Centralize Vulnerability Assessment and Management for DevSecOps Team

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)

The all-in-one Red Team extension for Web Pentester 🛠