753 Open source projects that are alternatives of or similar to Open Redirect Payloads

Python3 tool to perform password spraying using RDP

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

A unified console to perform the "kill chain" stages of attacks.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Intelligence and Reconnaissance Package/Bundle installer.

Git All the Payloads! A collection of web attack payloads.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

👻Stowaway -- Multi-hop Proxy Tool for pentesters

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Web path scanner

Relational database brute force and post exploitation tool for MySQL and MSSQL

Phishing Tool & Information Collector

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

A REST API security testing framework.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

A curated list of awesome OSCP resources

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

A tool for generating reverse shell payloads on the fly.

A container repository for my public web hacks!

Fast Modular Web Interfaces Bruteforcer

👻Impost3r -- A linux password thief

XSS'OR - Hack with JavaScript.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Next generation web scanner

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

🌒 Shell command obfuscation to avoid detection systems

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Tool to communicate with RPC services and check misconfigurations on NFS shares

Bifrost C2. Open-source post-exploitation using Discord API

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

A high performance offensive security tool for reconnaissance and vulnerability scanning

RubberDucky like payloads for DigiSpark Attiny85

Web Recon & Exploitation Tool.

Vagrant VirtualBox environment for conducting an internal network penetration test

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Multi source CVE/exploit parser.

Quick SQL Scanner, Dorker, Webshell injector PHP

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

generates weak passwords based on current date

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🔑 Hash type identifier (CLI & lib)

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

The LAZY script will make your life easier, and of course faster.

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Docker images for infosec tools

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

This powershell script has got to run in remote hacked windows host, even for pivoting

an easy pentesting tool.

Common Web Managers Fuzz Wordlists

Multi OTP Spam Amp/Paralell threads