695 Open source projects that are alternatives of or similar to Nullinux

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

bug bounty hunters starter notes

In-depth Attack Surface Mapping and Asset Discovery

The all-in-one Red Team extension for Web Pentester 🛠

A tool to fastly get all javascript sources/files

Attack Surface Management Platform | Sn1perSecurity LLC

The LAZY script will make your life easier, and of course faster.

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

Enumerate information from NTLM authentication enabled web endpoints 🔎

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Notes for taking the OSCP in 2097. Read in book form on GitBook

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Exploit Pack -The next generation exploit framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

The Last Web Recon Tool You'll Need

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Hacking Toolkit

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Privilege Escalation Enumeration Script for Windows

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

A REST API security testing framework.

Browse and search through nmap's NSE scripts.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Yet Another PHP Shell - The most complete PHP reverse shell

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Venom - A Multi-hop Proxy for Penetration Testers

Set of tools to audit SIP based VoIP Systems

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

SSRF (Server Side Request Forgery) testing resources

A wrapper for Nmap to quickly run network scans

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A tool to test security of json web token

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

🔐 Docker Container for Penetration Testing & Security

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Network Pivoting Toolkit

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

👻 A LAN dropbox chatbot controllable via Telegram

Quickly analyze and reverse engineer Android packages

Automatic SQL injection and database takeover tool

Burpsuite-Plugins-Usage

OSINT

fireELF - Fileless Linux Malware Framework

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Links for the OSINT Team

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.