1577 Open source projects that are alternatives of or similar to Ladongo

Automated NoSQL database enumeration and web application exploitation tool.

⛷ A collection of hacker scripts.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Misc. Public Reports of Penetration Testing and Security Audits.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

It's a simple tool for test vulnerability shellshock

Web-based Source Code Vulnerability Scanner

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Exploit Discord's cache system to remote upload payloads on Discord users machines

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

Next generation web scanner

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Working Python test and PoC for CVE-2018-11776, includes Docker lab

Exploit Code for CVE-2020-1472 aka Zerologon

PoC materials for article https://habr.com/en/post/486856/

hacker, ready for more of our story ! 🚀

Proof of concept code for the Spectre CPU exploit.

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

A social experiment

DNS Sub-domain brute forcer, in Python + gevent

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.

SVScanner - Scanner Vulnerability And MaSsive Exploit.

The Swiss Army knife for automated Web Application Testing

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

NodeJS Simple Network Scanner

红队综合渗透框架

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Web Application Security Scanner Framework

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

PS / Bash / Python / Other scripts For FUN!

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

an RCE (remote command execution) approach of CVE-2018-7750

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

An automated target reconnaissance pipeline.

Modlishka. Reverse Proxy.

Single Shot Tracker

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

ImageNet 2015 Object Detection from Video (VID)

Network footprint scanner platform. Discover domains and run your custom checks periodically.

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

IoT 固件漏洞复现环境

Parse: A Static Security Scanner

Simple HS256 JWT token brute force cracker

💻 Netcat client and server modules written in pure Javascript for Node.js.

swiss army knife for hackers

HTTP file upload scanner for Burp Proxy

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Browser fingerprinting library with the highest accuracy and stability.

Web application vulnerability scanner

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Visual Object Tagging Tool: An electron app for building end to end Object Detection Models from Images and Videos.