1008 Open source projects that are alternatives of or similar to Kaboom

A simple, extensible C&C beaconing system.

Misc. Public Reports of Penetration Testing and Security Audits.

recon-ng modules for Censys

PENIOT: Penetration Testing Tool for IoT

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

Ladon Moudle MS17010 Exploit for PowerShell

PyTorch Lightning + Hydra. A very user-friendly template for rapid and reproducible ML experimentation with best practices. ⚡🔥⚡

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

A Modular Penetration Testing Framework

WiFi Penetration Testing Guide

cms识别

A bash script for recon and DOS attacks

Opening the door, one reverse shell at a time

A very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Script to spider a website and find publicly open S3 buckets

Everything needed for doing CTFs

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Automated Web Recon Shell Scripts

It's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)

Gets in the way of your victim's traffic and out of yours

Hyku: A multi-tenant Hyrax application built on the latest and greatest Samvera community components. Brought to you by the Hydra-in-a-Box project partners and IMLS; maintained by the Hyku Interest Group.

locate and attack Lync/Skype for Business

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Presentations at the Tokyo Nixos Meetup

🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

tcp connection hijacker, rust rewrite of shijack

Pentesting/Bugbounty Dockerfiles.

nuclei framework scripts

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Fast website scraper and wordlist generator

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.

Pentest/BugBounty progress control with scanning modules

Generate Hydra code randomly. Livecode it

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

Contained is all my reference material for my OSCP preparation. Designed to be a one stop shop for code, guides, command syntax, and high level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.

neural network based speaker embedder

Python Script to help/automate the WiFi hacking exercises.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Generate React or Vue.js-based Progressive Web Apps from an Hydra-enabled API. Also support React Native.

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

./kumasia php simple backdoor

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

BloodHound Docker Ready to Use

My notebook for OSCP Lab

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

pure python remote adb scanner + nmap scan module

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

Tools used for Penetration testing / Red Teaming

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.