608 Open source projects that are alternatives of or similar to Killchain

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

The Shadow Attack Framework

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

A high performance offensive security tool for reconnaissance and vulnerability scanning

Red Teaming Tactics and Techniques

Using Socks4/5 proxy to make a multithreading Http-flood/Https-flood (cc) attack.

A simple dns resolver of dns-record and web-record log server for pentesting

Official TensorFlow Implementation of Adversarial Training for Free! which trains robust models at no extra cost compared to natural training.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

For all your network pentesting needs

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Windows one line commands that make life easier, shortcuts and command line fu.

A collection of useful scripts for Cobalt Strike

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

💫 An asynchronous Low & Slow traffic generator, written in Rust

XSS'OR - Hack with JavaScript.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Penetration test Achieve Knowledge Unite Rapid Interface

一个用于识别目标网站是否采用Struts2框架开发的工具demo

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

File upload vulnerability scanner and exploitation tool.

Pentesting suite for Maltego based on data in a Metasploit database

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

An information gathering tool to collect git commit emails in version control host services

A tool to hunt for publicly accessible DigitalOcean Spaces

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A tool to abuse Exchange services

🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

Yet another one hard-hitting tool to run HTTP stress tests 🌌

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Python network worm that spreads on the local network and gives the attacker control of these machines.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

📡 A python program to create a fake AP and sniff data.

A simple tool for interacting with OWASP ZAP from the commandline.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

SMB Relay Attack Script

Human and machine readable web vulnerability testing format

Side-channel toolkit in Julia

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Wiegand data logger, replay device and micro door-controller

Atomic Purple Team Framework and Lifecycle

Docker images for infosec tools

Nailgun attack on ARM devices.

Adds a customizable "Send to..."-context-menu to your BurpSuite.

An evil RAT (Remote Administration Tool) for macOS / OS X.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

A ZigBee hacking toolkit by Bishop Fox

Linux enumeration tool for pentesting and CTFs with verbosity levels

Web hacking framework with tools, exploits by python

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.