1318 Open source projects that are alternatives of or similar to Offensive Dockerfiles

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Automatically Launch Google Hacking Queries Against A Target Domain

Git All the Payloads! A collection of web attack payloads.

OSINT Project

swiss army knife for hackers

A high performance offensive security tool for reconnaissance and vulnerability scanning

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Related subdomains finder

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A Tool for Domain Flyovers

OSINT Swiss Army Knife

Selenium powered Python script to automate searching for vulnerable web apps.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Multi source CVE/exploit parser.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

This challenge is Inon Shkedy's 31 days API Security Tips.

Automated NoSQL database enumeration and web application exploitation tool.

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

👥😈 Infect a pc with badusb and establish a connection through telegram.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

List of Awesome Asset Discovery Resources

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

RFD Checker - security CLI tool to test Reflected File Download issues

☠️ The Pathwar Project ☠️

A curated list of awesome social engineering resources.

An OSINT Metadata analyzing tool that filters through tags and creates reports

The Swiss Army knife for automated Web Application Testing

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Burp Bounty profiles compilation, feel free to contribute!

An OSINT tool to gather information about the real owner of a phone number

An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

pentest framework

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

Audit tool to find common vulnerabilities in PHP source code

Hacking tools

cve-2019-0604 SharePoint RCE exploit

Python Ransomware Tutorial - YouTube tutorial explaining code + showcasing the ransomware with victim/target roles

Webshell Manager

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

Fast Modular Web Interfaces Bruteforcer

scan for NTLM directories

Collection of quality safety articles. Awesome articles.

Don't let buffer overflows overflow your mind

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB.

Awesome Node.js Security resources