2005 Open source projects that are alternatives of or similar to Jwtxploiter

Find web directories without bruteforce

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Get GTFOBins info about a given exploit from the command line

ImageStrike是一款用于CTF中图片隐写的综合利用工具

Bifrost C2. Open-source post-exploitation using Discord API

JSON RSA to HMAC and None Algorithm Vulnerability POC

Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.

Framework for rapid development and reusable of security tools

一个为渗透测试与CTF而制作的工具集，主要实现一些加解密的功能。

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Passwords Recovery Tool

A Tool for Domain Flyovers

ctfcli is a tool to manage Capture The Flag events and challenges

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Universal "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK with no dependencies

Web Recon & Exploitation Tool.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Cross-platform CTF problem container manager

A tool for fuzzing for ports that allow outgoing connections

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Overlord - Red Teaming Infrastructure Automation

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Awesome cloud enumerator

Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs

DEFCON CTF 2017 Stuff of Shit by HITCON

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Search for Directory Traversal Vulnerabilities

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Privilege Escalation Enumeration Script for Windows

Simple JWT Golang

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Burp Suite extension to passively scan for applications revealing server error messages

A JSON file RESTful API with authorization based on json-server

The Collective. A repo for a collection of red-team projects found mostly on Github.

A curated list of awesome infosec courses and training resources.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Offensive Reverse Shell (Cheat Sheet)

A JWT (JSON Web Token) Encoder & Decoder

Build a database of libc offsets to simplify exploitation

🤖 The Modern Port Scanner 🤖

Python 3.5+ DNS asynchronous brute force utility

Simple Karma Attack

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Idiomatic nmap library for go developers

Angular Full Stack project built using Angular, Express, Mongoose and Node. Whole stack in TypeScript.

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

Browse and search through nmap's NSE scripts.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

A flag submitter service with distributed attackers for attack/defense CTF games.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Learning Penetration Testing of Android Applications

Penetration Testing Platform