1683 Open source projects that are alternatives of or similar to Mxtract

fireELF - Fileless Linux Malware Framework

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

🚀 Fast Port Scanner 🚀

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

👻Impost3r -- A linux password thief

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Automation for internal Windows Penetrationtest / AD-Security

Passwords Recovery Tool

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Exploit Pack -The next generation exploit framework

A set of recipes useful in pentesting and red teaming scenarios

A tool to test security of json web token

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Intelligence and Reconnaissance Package/Bundle installer.

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

One stop place for exploiting Jira instances in your proximity

🌒 Shell command obfuscation to avoid detection systems

Automated Mass Exploiter

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A Virtual environment for Pentesting IoT Devices

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Notes for taking the OSCP in 2097. Read in book form on GitBook

Attack Surface Management Platform | Sn1perSecurity LLC

Hashcat web interface

Powerful Visual Subdomain Enumeration at the Click of a Mouse

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Set of tools to audit SIP based VoIP Systems

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Cameradar hacks its way into RTSP videosurveillance cameras

Python AV Evasion Tools

AWS Identity and Access Management Visualizer and Anomaly Finder

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

LD_PRELOAD rootkit

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

A REST API security testing framework.

Next generation web scanner

Awesome cloud enumerator

OSINT

This repository contains full code examples from the book Gray Hat C#

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

YARA malware query accelerator (web frontend)

Tactics, Techniques, and Procedures

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Automatic SQL injection and database takeover tool

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

🤖 The Modern Port Scanner 🤖

Sifter aims to be a fully loaded Op Centre for Pentesters