718 Open source projects that are alternatives of or similar to Intranet_penetration_cheetsheets

Collection of quality safety articles. Awesome articles.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Awesome cloud enumerator

An HTTP/HTTPS intercept proxy written in Go.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

记录自己编写、修改的部分工具

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

🔺 Red Team Hardware Toolkit 🔺

🎯 PHP / ASP - Shell Backdoor List 🎯

Network Pivoting Toolkit

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

OSINT

🎯 XML External Entity (XXE) Injection Payload List

备考 OSCP 的各种干货资料/渗透测试干货资料

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A list of payload and bypass lists for penetration testing and red team infrastructure build.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

🎯 SQL Injection Payload List

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

红队作战中比较常遇到的一些重点系统漏洞整理。

Enumerate information from NTLM authentication enabled web endpoints 🔎

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🐳 Full-fledged Android SDK Docker Image

Email recon made fast and easy, with a framework to build on

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Mengobati rasa ingin tahu atau kadang hanya iseng

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Notes about attacking Jenkins servers

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

WSSH Is a tool for brute forcing servers that has port 22 open via ssh, wssh is probably the fastest ssh brute forcer available

A curated list of awesome Hacking tutorials, tools and resources

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

TextFiles.com mirror

A list of resources for those interested in getting started in bug bounties

(Not actively maintained, use DRV3-Sharp) Tools for extracting and re-injecting files for Danganronpa V3 for PC.

Our super sweet hacker management system, built for HackTCNJ 2017+ | Used by [email protected] 2018!

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Tools, tips, tricks, and more for exploring ICS Security.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Reproducible and extensible BloodHound playbooks

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

jSQL Injection is a Java application for automatic SQL database injection.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Scripts I use during pentest engagements.

Crack password hashes without the fuss 🐈

ALL IN ONE Hacking Tool For Hackers

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🐶 A curated list of Web Security materials and resources.