512 Open source projects that are alternatives of or similar to Insectsawake

Hacking Toolkit

Linux enumeration tool for pentesting and CTFs with verbosity levels

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Fast CORS misconfiguration vulnerabilities scanner🍻

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

Burp被动扫描流量转发插件

A simple tool for interacting with OWASP ZAP from the commandline.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Advanced Web Shell

Extracting URLs of a specific target based on the results of "commoncrawl.org"

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

hydra

Monitor linux processes without root permissions

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A swiss army knife for pentesting networks

my oscp prep collection

mXtract - Memory Extractor & Analyzer

Advanced vulnerability scanning with Nmap NSE

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

红队综合渗透框架

Penetration testing and auditing toolkit for Android apps.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Python network tool, similar to Netcat with custom features.

Directory/File, DNS and VHost busting tool written in Go

small python3 tool to check common vulnerabilities in SMTP servers

web-based OSINT and reconaissance toolkit

Penetration Testing notes, resources and scripts

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

Open source pre-operation C2 server based on python and powershell

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A container repository for my public web hacks!

Handbook of information collection for penetration testing and src

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Fast web fuzzer written in Go

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

Credential stuffing engine built for security professionals

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Automatically Launch Google Hacking Queries Against A Target Domain

DeepSea Phishing Gear

Intelligence tool but without API key

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A repo with information about security of Ethereum Smart Contracts

A Cloudflare resolver that works

Dump exposed HTTP .git fast

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Wiki to collect Red Team infrastructure hardening resources

DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers

an easy pentesting tool.

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.