501 Open source projects that are alternatives of or similar to massh-enum

A Go implementation of dirsearch.

It's a simple tool for test vulnerability shellshock

Automated Enumeration Script for Pentesting

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

rsGen is a Reverse Shell Payload Generator for hacking.

Gem vulnerability checker using rubysec/ruby-advisory-db

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

A library that scrapes Linkedin for user data

A Binary Ninja plugin for vulnerability research.

SlowMist Vulnerability Research Advisories

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Roadmap for preparing for OSCP, anyone is free to use this, and also feedback and contributions are welcome

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

Multi source CVE/exploit parser.

A Users Management Package that includes all necessary routes, views, models, and controllers for a user management dashboard and associated pages for managing Laravels built in user scaffolding. Built for Laravel 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 6.0, 7.0 and 8.0.

Tutorials and Things to Do while Hunting Vulnerability.

In-depth Attack Surface Mapping and Asset Discovery

Steal Net-NTLM Hash using Bad-PDF

Get a list, or check if a user or organization name is reserved by GitHub

A DNS rebinding attack framework.

Username enumeration and password spraying tool aimed at Microsoft O365.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Perform automated network reconnaissance scans

A laboratory for learning secure web and mobile development in a practical manner.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Auto Scanning to SSL Vulnerability

Powerful Visual Subdomain Enumeration at the Click of a Mouse

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

GitHub Action to run `npm audit`

Apache Solr Injection Research

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Phantom eye——A passive business logic vulnerability auditing tool

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

A fast, simple, recursive content discovery tool written in Rust.

Use the docker to build a vulnerability environment

Enumeration implementation for PHP

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

The Offensive Manual Web Application Penetration Testing Framework.

Simple DNS Rebinding Service

SFTP Server for Docker

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

bug bounty hunters starter notes

Android Kernel Exploitation

Ansible Role - GitHub Users

Go Web Application Penetration Test

Everyone's favorite SMB/SAMBA/CIFS enumeration tool ported over to Python.

Making my local storage of useful AD Scripts available to everyone.

Borgert is a CMS Open Source created with Laravel Framework 5.6

List of real-world threats against endpoint protection software

ADAPT is a tool that performs automated Penetration Testing for WebApps.

This repository provides examples on how to use the @accounts-js packages.

Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, profile management, identity schemas, social sign in, registration, account recovery, and IoT auth. Golang, headless, API-only - without templating or theming headaches.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

A toolset to kickstart your application on top of Laravel Livewire, Laravel Jetstream and Spatie Permissions. LLoadout inforce is created using the TALL stack.

Java漏洞学习笔记 Deserialization Vulnerability

This repository contains a class that allows the enumeration of video and audio devices in order to get the device IDs that are required to create a VideoCapture object inside OpenCV (in Windows).

Some personal exploits/pocs