442 Open source projects that are alternatives of or similar to Intersect 2.5

备考 OSCP 的各种干货资料/渗透测试干货资料

unix SSH post-exploitation 1337 tool

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Little tool made in python to create payloads for Linux, Windows and OSX with unique handler

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

Sifter aims to be a fully loaded Op Centre for Pentesters

🆕 The Multi-Tool Web Vulnerability Scanner.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Directory Services Internals (DSInternals) PowerShell Module and Framework

An HTTP/HTTPS intercept proxy written in Go.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A portable console aimed at making pentesting with PowerShell a little easier.

🐶 A curated list of Web Security materials and resources.

Tools for Hacking

Burp Suite extension to passively scan for applications revealing server error messages

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Web path scanner

A cross-platform note-taking & target-tracking app for penetration testers.

A default credential scanner.

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Hacking Toolkit

Automated Penetration Testing Framework

venom - shellcode generator/compiler/handler (metasploit)

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Burp extension to passively scan for applications revealing software version numbers

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Simple Karma Attack

An open-source post-exploitation framework for students, researchers and developers.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Self contained htaccess shells and attacks

Discover Your Attack Surface!

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

Gorsair hacks its way into remote docker containers that expose their APIs

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

IPv6 attack toolkit

Collection of tips, tools and tutorials around infosec

Ruby on Rails Phishing Framework

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

USB Rubber Ducky type scripts written for the DigiSpark.

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

DotDotPwn - The Directory Traversal Fuzzer

A Python-powered exploitation framework and botnet.

Bash post exploitation toolkit

A web front-end for password cracking and analytics

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Scripts I use during pentest engagements.

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Infection Monkey - An automated pentest tool