753 Open source projects that are alternatives of or similar to Open Redirect Payloads

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🔑 Hash type identifier (CLI & lib)

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

This powershell script has got to run in remote hacked windows host, even for pivoting

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

an easy pentesting tool.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Multi OTP Spam Amp/Paralell threads

A tool for fuzzing for ports that allow outgoing connections

[ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻

Misc. Public Reports of Penetration Testing and Security Audits.

Ladon Moudle MS17010 Exploit for PowerShell

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

Offensive Reverse Shell (Cheat Sheet)

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

This is a multi-use bash script for Linux systems to audit wireless networks.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

It's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Pentesting/Bugbounty Dockerfiles.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Infosec Wordlists

本脚本旨在生成各类畸形URL链接，进行探测使用的payload，尝试绕过服务端ssrf限制。

network reconnaissance toolkit

./kumasia php simple backdoor

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

My notebook for OSCP Lab

Free advanced and modern Windows botnet with a nice and secure PHP panel.

This program focuses on automating the download, installation and compilation of pentest tools from source

SIP-Based Audit and Attack Tool

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

渗透测试☞经验/思路/总结/想法/笔记

A collection of useful Python hacking scripts for beginners

🥀 Search Engine Tookit，URL采集、Favicon哈希值查找真实IP、子域名查找

NoneAge Blockchain Security Tutorial

This tool was created as a Proof of Concept to reveal the threats related to web service misconfiguration using CloudFlare as reverse proxy and WAF

A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based interface using WiFi in AP or Client mode. Will work with nearly all devices that contain a standard 5V Wiegand interface. Primary target group is 26-37bit HID Cards. Similar to the Tastic RFID Thief, Blekey, and ESPKey.

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

Hetty is an HTTP toolkit for security research.

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

NodeJS Red-Team Cheat Sheet

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Nmap and NSE command line wrapper in the style of Metasploit

📱 objection - runtime mobile exploration

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

Tactics, Techniques, and Procedures