1008 Open source projects that are alternatives of or similar to Kaboom

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

渗透测试☞经验/思路/总结/想法/笔记

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Flexible components pairing 🤗 Transformers with Pytorch Lightning

Red Teaming Tactics and Techniques

A simple dns resolver of dns-record and web-record log server for pentesting

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

All MITM attacks in one place.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Summary of online learning materials

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

A collection of useful scripts for Cobalt Strike

JSON RSA to HMAC and None Algorithm Vulnerability POC

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Collect email addresses by crawling search engine results.

Fast web fuzzer written in Go

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Modular and extensible speech recognition library leveraging pytorch-lightning and hydra.

Pentester's Promiscuous Notebook

A tool to hunt for publicly accessible DigitalOcean Spaces

THE ESP8266 HONEYPOT

Free advanced and modern Windows botnet with a nice and secure PHP panel.

Botnet targeting Windows machines written entirely in Python & open source security project.

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

Hydra-enabled GPU path tracer that supports MaterialX and MDL.

A tool to abuse Exchange services

An Identity Provider for ORY Hydra over LDAP

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Totally Insecure Web Application Project (TIWAP)

📡 A python program to create a fake AP and sniff data.

Automated tool for WiFi hacking.

Burpsuite-Plugins-Usage

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

Web Application Security Scanner Framework

Human and machine readable web vulnerability testing format

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

🤖 The Modern Port Scanner 🤖

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Adds a customizable "Send to..."-context-menu to your BurpSuite.

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Linux enumeration tool for pentesting and CTFs with verbosity levels

My notes on PentesterLab's Bootcamp series 🕵️

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.

Elasticsearch for Offensive Security