1302 Open source projects that are alternatives of or similar to Onelistforall

A support library for Ronin. Like activesupport, but for hacking!

Your Google Recon is Now Automated

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Linux enumeration tool for pentesting and CTFs with verbosity levels

Set of tools to audit SIP based VoIP Systems

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Summary of online learning materials

Yet Another PHP Shell - The most complete PHP reverse shell

📚 An ultimate collection wordlists of the best-known CMS

RAS(RAndom Subdomain) Fuzzer

locate and attack Lync/Skype for Business

A python tool to check subdomain takeover vulnerability

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

🎯 XML External Entity (XXE) Injection Payload List

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Next generation web scanner

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Awesome Vulnerable Applications

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Repositório com conteúdo sobre web hacking em português

🤖 The Modern Port Scanner 🤖

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Quickly analyze and reverse engineer Android packages

all manner of wordlists

Automatically Launch Google Hacking Queries Against A Target Domain

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

A simple dns resolver of dns-record and web-record log server for pentesting

The ultimate WinRM shell for hacking/pentesting

Useful tools and scripts during Penetration Testing engagements

Intelligence tool but without API key

OSINT Tool: Generate username lists for companies on LinkedIn

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p

Advanced Web Shell

Know the dangers of credential reuse attacks.

Powerfull XSS Scanning and Parameter analysis tool&gem

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Automated NoSQL database enumeration and web application exploitation tool.

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

DNS Rebinding Exploitation Framework

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Dump exposed HTTP .git fast

my oscp prep collection

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Study Notes For Web Hacking / Web安全学习笔记

Python network worm that spreads on the local network and gives the attacker control of these machines.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.