1683 Open source projects that are alternatives of or similar to Mxtract

mosquito - Automating reconnaissance and brute force attacks

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

The Collective. A repo for a collection of red-team projects found mostly on Github.

linux post-exploitation framework made by linux user

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Responsive Command and Control System

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

File upload vulnerability scanner and exploitation tool.

Red Teaming Tactics and Techniques

备考 OSCP 的各种干货资料/渗透测试干货资料

Venom - A Multi-hop Proxy for Penetration Testers

A web front-end for password cracking and analytics

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Awesome cloud enumerator

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

无状态子域名爆破工具

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Micro-framework for rapid development of reusable security tools

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

This repository contains full code examples from the book Gray Hat C#

Next generation web scanner

OSINT

Tactics, Techniques, and Procedures

Awesome hacking is an awesome collection of hacking tools.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

EmbedOS - Embedded security testing virtual machine

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Intelligence and Reconnaissance Package/Bundle installer.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Cameradar hacks its way into RTSP videosurveillance cameras

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

A collection of public offensive and defensive security related scripts for InfoSec students.

Automatic SQL injection and database takeover tool

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

YARA malware query accelerator (web frontend)

LD_PRELOAD rootkit

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

A REST API security testing framework.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

🤖 The Modern Port Scanner 🤖

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Webshell Manager

Python AV Evasion Tools

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Python 3.5+ DNS asynchronous brute force utility

Open source pre-operation C2 server based on python and powershell