827 Open source projects that are alternatives of or similar to Minimalistic Offensive Security Tools

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Python 3.5+ DNS asynchronous brute force utility

Distributed alerting for the masses!

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

GitBook: OSCP RoadMap

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Automatically brute force all services running on a target.

A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

A command line security audit tool for Amazon Web Services

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

fast TCP banner grabbing with node.js

Tracking CVEs for the linux Kernel

👔 Enterprise Web application starter kit or template using Laravel

Burp extension to passively scan for applications revealing software version numbers

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Awesome hacking is an awesome collection of hacking tools.

An HTTP/HTTPS intercept proxy written in Go.

🔎 shodansploit > v1.3.0

JWT brute force cracker written in C

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By init__0 for termux on android

Detect threats with log data and improve cloud security posture

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Golang IP/port scanner with SYN (stealth) scanning and device manufacturer identification

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

A tool to automate penetration tests

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Common password pattern generator using strings list

USB Rubber Ducky type scripts written for the DigiSpark.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Web-based Source Code Vulnerability Scanner

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Android Apps, Roms and Platforms for Pentesting

wide range mass audit toolkit

Cybersecurity Evaluation Tool

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

Simple Golang HTTPS/TLS Examples

A MongoDB importer and API for Project Sonars DNS datasets

A wrapper for Nmap to quickly run network scans

🙃 Reverse Shell Cheat Sheet 🙃

Scanning LAN hosts from Chrome using ICE servers

Hacker101 CTF Writeup

🔪 Leak git repositories from misconfigured websites

Collection of tips, tools and tutorials around infosec

Next generation web scanner

wooyun public information backup

DotDotPwn - The Directory Traversal Fuzzer

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A web front-end for password cracking and analytics

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Mass scan IPs for vulnerable services

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑