1316 Open source projects that are alternatives of or similar to Netpwn

Deploy your own secure API to estimate password strength and check haveibeenpwned for known matches - HTTPS by force, server not required, fire and brimstone sold separately 🔥

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

Message Queue & Broker Injection tool

MutiCloud_Overlay demonstrates a use case of overlay over one or more clouds such as AWS, Azure, GCP, OCI, Alibaba and a vSphere private infrastructure in Hub and spoke topology, point to point topology and in a Single cloud. Overlay protocols IPv6 and IPv4 are independent of underlying infrastructure. This solution can be integrated with encryption and additional security features.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

RFD Checker - security CLI tool to test Reflected File Download issues

Scripts to gather system configuration information for offline/remote auditing

🙏 Checks Firefox saved passwords against known data leaks using the Have I Been Pwned API.

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

Command-line passphrase generator

See if your passwords in pass has been breached.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Potiron - Normalize, Index and Visualize Network Capture

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

A Sniffer for Open-WLAN

Best DDoS Attack Script Python3, Cyber Attack With 36 Method

SSL Certificate Manager UI for Windows, powered by Let's Encrypt. Download from certifytheweb.com

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Custom memory allocator that helps discover reads from uninitialized memory

A tiny NodeJS module to check SSL expiry 🔒

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Passive Security Scanner (被动式安全扫描器)

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Micro-framework for rapid development of reusable security tools

A flexible control server for osquery fleets

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Bramble is a hacking Open source suite.

A proposed standard that allows websites to define security policies.

OSS Vulnerability Scanner for Windows Platform

A Central Control Plane for AWS Permissions and Access

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

A collection of public offensive and defensive security related scripts for InfoSec students.

A tool for remote ADB exploitation in Python3 for all Machines.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Offensive tools as Dockerfiles. Lightweight & Ready to go

一键安装Trojan-GFW代理,Hexo博客,Nextcloud等應用程式。

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 7.8+ billion breached accounts

Exploitation Framework for Embedded Devices

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

内网穿透，c++实现，无需公网IP，小巧，易用，快速，安全，最好的多链路聚合（p2p+proxy）模式，不做之一...这才是你真正想要的内网穿透工具！

Monitoring GitLab for sensitive data shared publicly

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Your Social Engineering Sidekick

A note-taking macOS app for penetration-testers.

A PowerShell armoury for penetration testers or other random security guys

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

Awesome Golang Security resources 🕶🔐

Curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale