1302 Open source projects that are alternatives of or similar to Onelistforall

DNS rebinding toolkit

Network Analysis Tool

Small tool for generating ropchains using unicorn and z3

OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Simple script for generating Malformed QRCodes.

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Scanning APK file for URIs, endpoints & secrets.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Enine boyuna siber güvenlik

A stand-alone web server app for rapidly building and publishing full fledged dictionary websites and APIs for any language.

Go-deliver is a payload delivery tool coded in Go.

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Intelligence and Reconnaissance Package/Bundle installer.

Collection of quality safety articles. Awesome articles.

Tool to automate common OSINT tasks

😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)

List of Awesome Windows Security Resources

A time lapse app for Sony Alpha camera using the OpenMemories framework

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Transcribed video lessons of HackerOne to pdf's

Burp Suite extension to discover assets from HTTP response.

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Audit tool to find common vulnerabilities in PHP source code

A curated list of various bug bounty tools

Knowledge Base 慢雾安全团队知识库

Offensive tools as Dockerfiles. Lightweight & Ready to go

Hack Facebook

The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.

A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

A python based tool for exploiting and managing Android devices via ADB

A backdoor with a multitude of features.

Get All Registered Wifi Passwords from Target Computer.

WhiteWinterWolf's PHP web shell

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

An extremely fast and flexible web fuzzer

Remote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service

A fuzzing library in JavaScript. ✨

Script to automate PUT HTTP method exploitation to get shell

gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats.

A passive subdomain finder

DeepSea Phishing Gear

Simple Dll injector loading from memory. Supports PE header and entry point erasure. Written in C99.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Python Ransomware Tutorial - YouTube tutorial explaining code + showcasing the ransomware with victim/target roles

Secret and/ credential patterns used for gf.

For all your network pentesting needs

Collection My Wordlist

Find leaked secrets via github search

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Full Speed Instagram Cracker

keylogger which sends us the data to our gmail.

Custom memory allocator that helps discover reads from uninitialized memory

mosquito - Automating reconnaissance and brute force attacks

SSH man-in-the-middle tool

Facebook Brute Forcer in shellscript using TOR

Property based testing framework for JavaScript (like QuickCheck) written in TypeScript