1321 Open source projects that are alternatives of or similar to Offensive Docker

Pentester's Promiscuous Notebook

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Web Recon & Exploitation Tool.

A $20k consensus challenge based on TigerBeetle's implementation of the pioneering Viewstamped Replication protocol.

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Framework for building Windows malware, written in C++

Tool Information Gathering Write By Python.

An automated target reconnaissance pipeline.

Open-source vulnerability disclosure policy templates.

Tool to communicate with RPC services and check misconfigurations on NFS shares

Repository of my CTF writeups

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

个人笔记汇总

Facebook Write-ups, PoC, and exploitation codes:

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

goverview - Get an overview of the list of URLs

Open Redirect scanner - (out of date)

Scan secrets from Continuous Integration Build Logs

Reversed code of GTA:SA executable (gta_sa.exe) 1.0 US

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

List of every possible vulnerabilities in computer security.

useful pentest note

yet another dirbuster

Hashtopolis - A Hashcat wrapper for distributed hashcracking

Swiftly search FDNS datasets from Rapid7 Open Data

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

No description or website provided.

Custom security distro for remote penetration testing

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

cobaltstrike ms17-010 module and some other

Tool to generate smart and powerful wordlists

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

Obtain GraphQL API Schema even if the introspection is not enabled

Summary of online learning materials

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Http request smuggling vulnerability scanner

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

封装多种CTF和平时常见加密及编码C#类库

Intentionally vulnerable Android application.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

a Go code to detect leaks in JS files via regex patterns

Unleash the power of cloud

Mass querying whois records

Botnet targeting Windows machines written entirely in Python & open source security project.

DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets

Tool to bypass 40X response codes.

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

This repository created for personal use and added tools from my latest blog post.

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

Stash for Binary Exploitation and Reverse Engineering Resources

Boxer: A fast directory bruteforce tool written in Python with concurrency.

No description or website provided.

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

Information Security Library

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.