804 Open source projects that are alternatives of or similar to Linux Soft Exploit Suggester

Fast directory scanning and scraping tool

Vulnerable Web applications Generator

Apache Solr Injection Research

Minecraft (Bedrock Edition) server software written in Go

WPScan rewritten in Python + some WPSeku ideas

Documentation and Tools for Cisco's PSIRT openVuln API

A list of security/hacking tools that have been collected from the internet. Suggestions are welcomed.

Collection of awesome podcasts

Hershell is a simple TCP reverse shell written in Go.

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.

Phishing Tool & Information Collector

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Penetration test Achieve Knowledge Unite Rapid Interface

Quickly analyze and reverse engineer Android packages

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

Install Metasploit And Repair Metasploit In Termux With Easy Steps

Chrome extension designed for WordPress Vulnerability Scanning and information gathering!

Automated brute-forcing attack tool.

THIS REPOSITORY HAS BEEN MOVED TO https://github.com/wpscanteam/wpscan USE THAT!!!

自己收集整理自用的字典

Examples of Solidity security issues

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

C2Hack, sharing tips and tricks for pentesters

Tool for port forwarding & intranet proxy

An offline Wi-Fi Protected Setup brute-force utility

Track any ip address with IP-Tracer. IP-Tracer is developed for Linux and Termux. you can retrieve any ip address information using IP-Tracer.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

A fully featured Windows backdoor that uses Gmail as a C&C server

XSHOCK Shellshock Exploit

Algorithms repository.

Performing security tests inside your CI

用于记录内网渗透(域渗透)学习 :-)

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest

0day安全_软件漏洞分析技术

A curated macOS setup | v2

红蓝对抗跨平台远控工具

SSRF (Server Side Request Forgery) testing resources

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A Linux packet crafting tool.

Intelligence and Reconnaissance Package/Bundle installer.

The Learning Hub for UoL's Online CS Students

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

Patch iOS Apps, The Easy Way, Without Jailbreak.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A vulnerability scanner for container images and filesystems

Best DDoS Attack Script Python3, Cyber Attack With 36 Method

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

HackSys Extreme Vulnerable Windows Driver

Scalable genomic data analysis.

A vulnerable version of Rails that follows the OWASP Top 10

A wrapper for Nmap to quickly run network scans

A fast, simple, recursive content discovery tool written in Rust.

A collection of various GitHub gists for hackers, pentesters and security researchers

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.