566 Open source projects that are alternatives of or similar to Metasploit Cheat Sheet

kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

checksum-reproducible tar archives (utility/library)

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Ready to use images of Zap and Glue, especially for CI integration.

Discover duplication glitches, abusive staff giving items, x-ray or simply poor server economy.

Penetration test Achieve Knowledge Unite Rapid Interface

venom - shellcode generator/compiler/handler (metasploit)

📖 [译] SploitFun Linux x86 Exploit 开发系列教程

A Python-powered exploitation framework and botnet.

my oscp prep collection

Asynchronous Python implementation of SlowLoris DoS attack

CryptoLocker is open source files encrypt-er. Crypto is developed in Visual C++. It has features encrypt all file, lock down the system and send keys back to the server. Multi-threaded functionality helps to this tool make encryption faster.

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance

cve-2019-0604 SharePoint RCE exploit

pentest framework

Awesome Python Security resources 🕶🐍🔐

A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854

🎯 SQL Injection Payload List

Self contained htaccess shells and attacks

Exploitation and Mitigation Slides

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

A tool for remote ADB exploitation in Python3 for all Machines.

Safari local file reader

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Automated Twitter mass account creation and follow using Selenium and Tor VPN

Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

Public repository of static GDB and GDBServer

Hacking Toolkit

My proof-of-concept exploits for the Linux kernel

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

CVE-2020-0688_EXP Auto trigger payload & encrypt method

Reflective PE packer.

Some of my CTF solutions

Modern tactical exploitation toolkit.

Various local exploits

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler

Find exploits in local and online databases instantly

用cel-go重现了长亭xray的poc检测功能的轮子

Automated Red Team Infrastructure deployement using Docker

Focus on cybersecurity | collection of PoC and Exploits

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

PoC materials for article https://habr.com/en/post/486856/

PS / Bash / Python / Other scripts For FUN!

Forward shell generation framework

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

NSA Hacking Tool Recreation UnitedRake

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

A container repository for my public web hacks!

📚 VoidHack CTF write-ups

Working Python test and PoC for CVE-2018-11776, includes Docker lab

PoC exploit for CVE-2016-4622

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A tool for integrating the Metasploit payload with Android's healthy programs and bypassing antivirus

Samsung Galaxy S3 GT-I9300 eMMC toolbox

Roblox Exploit Source Code Called IceMeme with some cmds, lua c and limited lua execution with simple ui in c#