1271 Open source projects that are alternatives of or similar to Nishang

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Cameradar hacks its way into RTSP videosurveillance cameras

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Monitoring your Slack workspaces for sensitive information

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Idiomatic nmap library for go developers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Functions that can be used to gain Reverse Shells with PowerShell

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Awesome cloud enumerator

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Monitoring GitLab for sensitive data shared publicly

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

The Collective. A repo for a collection of red-team projects found mostly on Github.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Web path scanner

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Monitoring GitHub for sensitive data shared publicly

🔪 Leak git repositories from misconfigured websites

Rubyfu, where Ruby goes evil!

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

OSINT Tool: Generate username lists for companies on LinkedIn

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

The New Hacking Framework

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Free Security and Hacking eBooks

Web Application Security Scanner Framework

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Top 100 Hacking & Security E-Books (Free Download)

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Next generation web scanner

Tool Information Gathering Write By Python.

🙃 Reverse Shell Cheat Sheet 🙃

🎯 XML External Entity (XXE) Injection Payload List

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Hacker101 CTF Writeup

Everything needed for doing CTFs

A collected list of awesome security talks

A list of web application security

OSINT

Network Pivoting Toolkit

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

A curated list of awesome infosec courses and training resources.

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

An advanced tool for email reconnaissance

(l)user hunter using WinAPI calls only

All releases of the security research group (a.k.a. hackers) The Hacker's Choice