3159 Open source projects that are alternatives of or similar to K8cscan

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

Framework for rapid development and reusable of security tools

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Level Up Your SQL-Queries

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Yet Another PHP Shell - The most complete PHP reverse shell

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

🦸【C#/.NET/.NET Core学习、工作、面试指南】概述：C#/.NET/.NET Core基础知识，学习资料、文章、书籍，社区组织，工具和常见的面试题总结。以及面试时需要注意的事项和优秀简历编写技巧，希望能和大家一起成长进步👊。【让现在的自己不再迷漫✨】

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Web Application Security Scanner Framework

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Tool to generate smart and powerful wordlists

(deprecated) Android application vulnerability analysis and Android pentest tool

数据库审核平台

Hacker101 CTF Writeup

Extract subdomains from SSL certificates in HTTPS sites.

requery - modern SQL based query & persistence for Java / Kotlin / Android

A list of web application security

Migrate to PostgreSQL in a single command!

OWASP WEB Directory Scanner

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Extensible, multi-dialect SQL query builder and Database connection framework for NodeJS

A collection of android Exploits and Hacks

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Datafaker is a large-scale test data and flow test data generation tool. Datafaker fakes data and inserts to varied data sources. 测试数据生成工具

基于EF Core的Code First模式的DotNetCore快速开发框架，其中包括DBContext、IOC组件autofac和AspectCore.Injector、代码生成器（也支持DB First）、基于AspectCore的memcache和Redis缓存组件，以及基于ICanPay的支付库和一些日常用的方法和扩展，比如批量插入、更新、删除以及触发器支持，当然还有demo。欢迎提交各种建议、意见和pr~

swiss army knife for hackers

Chromepass - Hacking Chrome Saved Passwords

🧰 The Rust SQL Toolkit. An async, pure Rust SQL crate featuring compile-time checked queries without a DSL. Supports PostgreSQL, MySQL, SQLite, and MSSQL.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Generate a Go ORM tailored to your database schema.

A handy collection of my public exploits, all in one place.

Free universal database tool and SQL client

linux-kernel-exploits Linux平台提权漏洞集合

Sifter aims to be a fully loaded Op Centre for Pentesters

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A curated list of awesome privilege escalation

Quickly analyze and reverse engineer Android packages

A general F# SQL database erasing type provider, supporting LINQ queries, schema exploration, individuals, CRUD operations and much more besides.

The Web Application Hacker's Handbook - Extra Content

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

特色：vs插件或者t4一键生成entity 支持配置非物理外键。分离linq转sql引擎(原生linq非扩展)和执行dal功能,支持异步,支持netcore2.0

Automatically Launch Google Hacking Queries Against A Target Domain

Penetration Testing notes, resources and scripts

Information Gathering tool for a Website or IP address

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Blueborne CVE-2017-0785 Android information leak vulnerability

SymmetricDS is a database and file synchronization solution that is platform-independent, web-enabled, and database agnostic. SymmetricDS was built to make data replication across two to tens of thousands of databases and file systems fast, easy and resilient. We specialize in near real time, bi-directional data replication across large node networks over the WAN or LAN.

Apache Solr Injection Research

Make ORMs great again!

Proofs-of-concept