907 Open source projects that are alternatives of or similar to Oscp Human Guide

A curated list of awesome privilege escalation

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

swiss army knife for hackers

A high performance offensive security tool for reconnaissance and vulnerability scanning

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Linux enumeration tool for pentesting and CTFs with verbosity levels

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Red Teaming Tactics and Techniques

Don't let buffer overflows overflow your mind

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

Penetration Testing notes, resources and scripts

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A curated list of awesome OSCP resources

my oscp prep collection

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Study Notes For Web Hacking / Web安全学习笔记

Know the dangers of credential reuse attacks.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Automated NoSQL database enumeration and web application exploitation tool.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

network reconnaissance toolkit

RubberDucky like payloads for DigiSpark Attiny85

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

The all-in-one Red Team extension for Web Pentester 🛠

This is a multi-use bash script for Linux systems to audit wireless networks.

The ultimate WinRM shell for hacking/pentesting

A simple dns resolver of dns-record and web-record log server for pentesting

Python network worm that spreads on the local network and gives the attacker control of these machines.

A tool to fastly get all javascript sources/files

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Everything needed for doing CTFs

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Offensive tools as Dockerfiles. Lightweight & Ready to go

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

retrieve information via O365 with a valid cred

Rockyou for web fuzzing

Cameradar hacks its way into RTSP videosurveillance cameras

Hawkeye filesystem analysis tool

Vagrant VirtualBox environment for conducting an internal network penetration test

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Red Teaming Tactics and Techniques

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

👻 A LAN dropbox chatbot controllable via Telegram

PHP shells that work on Linux OS, macOS, and Windows OS.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Opening the door, one reverse shell at a time

A collection of resources I'm using while working toward the OSCP

Awesome cloud enumerator

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

OSINT

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏