608 Open source projects that are alternatives of or similar to Killchain

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

A set of recipes useful in pentesting and red teaming scenarios

An information gathering tool to collect git commit emails in version control host services

Dradis Framework: Colllaboration and reporting for IT Security teams

A curated list of awesome OSCP resources

Credential stuffing engine built for security professionals

A collection of public offensive and defensive security related scripts for InfoSec students.

Interactive Network Scanner

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Find exploit tool

A script written lazily for generating cross-platform backdoors on the go :)

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

Study Notes For Web Hacking / Web安全学习笔记

A container repository for my public web hacks!

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

The best Hacking and PenTesting tools installer on the world

Quickly analyze and reverse engineer Android packages

Powerful Visual Subdomain Enumeration at the Click of a Mouse

A curated list of awesome privilege escalation

Subdomain Takeover tool written in Go

Detect deauthentication frames using an ESP8266

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

🔥 A powerful MongoDB auditing and pentesting tool 🔥

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Fast browser-based network discovery module

🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

A curated list of amazingly awesome Cybersecurity datasets

A list to discover work of red team tooling and methodology for penetration testing and security assessment

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Automatic SQL injection and database takeover tool

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Python network worm that spreads on the local network and gives the attacker control of these machines.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

📡 A python program to create a fake AP and sniff data.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

The ultimate WinRM shell for hacking/pentesting

Fast Modular Web Interfaces Bruteforcer

The iOS Security Testing Framework

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.

A simple tool for interacting with OWASP ZAP from the commandline.

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Side-channel toolkit in Julia

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

WhiteWinterWolf's PHP web shell

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Script to automate PUT HTTP method exploitation to get shell

被动式漏洞扫描系统

DeepSea Phishing Gear

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)