469 Open source projects that are alternatives of or similar to ligolo-ng

unix SSH post-exploitation 1337 tool

Bifrost C2. Open-source post-exploitation using Discord API

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

备考 OSCP 的各种干货资料/渗透测试干货资料

Network Pivoting Toolkit

C2/post-exploitation framework

Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...

The Collective. A repo for a collection of red-team projects found mostly on Github.

Red Teaming Tactics and Techniques

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Automatic Reverse Shell Generator

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Search for Unix binaries that can be exploited to bypass system security restrictions.

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

Awesome cloud enumerator

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Overlord - Red Teaming Infrastructure Automation

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Relational database brute force and post exploitation tool for MySQL and MSSQL

C# tool to discover low hanging fruits

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

network reconnaissance toolkit

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Venom - A Multi-hop Proxy for Penetration Testers

Automation for internal Windows Penetrationtest / AD-Security

Red Teaming Tactics and Techniques

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A high performance offensive security tool for reconnaissance and vulnerability scanning

It records your terminal, then lets you upload to ASHIRT

linux post-exploitation framework made by linux user

Load shellcode into a new process

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

🌒 Shell command obfuscation to avoid detection systems

Pentesting/Bugbounty Dockerfiles.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

👻Impost3r -- A linux password thief

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Assist reverse tcp shells in post-exploration tasks

metasploit-framework 图形界面 / 图形化内网渗透工具

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A tool to extract and abuse access tokens from AzureCLI for bypassing 2FA/MFA.

整理一些内网常用渗透小工具

Rustcat(rcat) - The modern Port listener and Reverse shell

A HTTP/S forwarding proxy in Go

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

Multi source CVE/exploit parser.

A C2 post-exploitation framework

Linux post exploitation privilege escalation enumeration

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)