695 Open source projects that are alternatives of or similar to Nullinux

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Python 3.5+ DNS asynchronous brute force utility

Automation for internal Windows Penetrationtest / AD-Security

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Relational database brute force and post exploitation tool for MySQL and MSSQL

Web path scanner

Intelligence and Reconnaissance Package/Bundle installer.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

A wrapper for Nmap to quickly run network scans

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

Monitor linux processes without root permissions

备考 OSCP 的各种干货资料/渗透测试干货资料

RubberDucky like payloads for DigiSpark Attiny85

HostHunter a recon tool for discovering hostnames using OSINT techniques.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Open Redirect Payloads

Sifter aims to be a fully loaded Op Centre for Pentesters

🔐 Docker Container for Penetration Testing & Security

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A tool to fastly get all javascript sources/files

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

A tool to test security of json web token

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A tool to hunt for publicly accessible DigitalOcean Spaces

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Mass querying whois records

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

SSRF (Server Side Request Forgery) testing resources

A unified console to perform the "kill chain" stages of attacks.

Python3 tool to perform password spraying using RDP

Yet Another PHP Shell - The most complete PHP reverse shell

The all-in-one Red Team extension for Web Pentester 🛠

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Next generation web scanner

👻Impost3r -- A linux password thief

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

The LAZY script will make your life easier, and of course faster.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

an easy pentesting tool.

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

Awesome cloud enumerator

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Extract subdomains from SSL certificates in HTTPS sites.

OneForAll是一款功能强大的子域收集工具

A tool to automate penetration tests

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Set of tools to audit SIP based VoIP Systems