401 Open source projects that are alternatives of or similar to Java Deserialization Cheat Sheet

Library for manually creating Java serialization data.

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

A wrapper for Nmap to quickly run network scans

Windows one line commands that make life easier, shortcuts and command line fu.

A Cloudflare resolver that works

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

SSRF (Server Side Request Forgery) testing resources

Network protocol auditing framework

WhiteWinterWolf's PHP web shell

Centralize Vulnerability Assessment and Management for DevSecOps Team

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

The ultimate WinRM shell for hacking/pentesting

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Red Teaming Tactics and Techniques

Passwords Recovery Tool

A collection of useful scripts for Cobalt Strike

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Powerful Visual Subdomain Enumeration at the Click of a Mouse

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Know the dangers of credential reuse attacks.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

For all your network pentesting needs

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Monitor linux processes without root permissions

Study Notes For Web Hacking / Web安全学习笔记

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A tool to test security of json web token

🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

File upload vulnerability scanner and exploitation tool.

A simple dns resolver of dns-record and web-record log server for pentesting

A simple tool for interacting with OWASP ZAP from the commandline.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Web hacking framework with tools, exploits by python

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Python network worm that spreads on the local network and gives the attacker control of these machines.

A tool to hunt for publicly accessible DigitalOcean Spaces

A script written lazily for generating cross-platform backdoors on the go :)

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

An evil RAT (Remote Administration Tool) for macOS / OS X.

A tool to abuse Exchange services

Tool to automate common OSINT tasks

Set of tools to audit SIP based VoIP Systems

Encoder to bypass WAF filters using XOR operations

Relational database brute force and post exploitation tool for MySQL and MSSQL

备考 OSCP 的各种干货资料/渗透测试干货资料

Python network tool, similar to Netcat with custom features.

Hashcat web interface