3029 Open source projects that are alternatives of or similar to Oscp Prep

This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

pentest framework

Automated NoSQL database enumeration and web application exploitation tool.

Ruby on Rails Phishing Framework

Linux enumeration tool for pentesting and CTFs with verbosity levels

A tool to fastly get all javascript sources/files

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

Vagrant VirtualBox environment for conducting an internal network penetration test

Python 3.5+ DNS asynchronous brute force utility

备考 OSCP 的各种干货资料/渗透测试干货资料

A curated list of awesome OSCP resources

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Intelligence and Reconnaissance Package/Bundle installer.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

OSINT Project

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Pentest: Subdomains enumeration tool for penetration testers.

Enumerate information from NTLM authentication enabled web endpoints 🔎

An advanced tool for email reconnaissance

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

An OSINT tool to gather information about the real owner of a phone number

A curated list of awesome privilege escalation

Command line tool that allows you to explore IoT devices by using Shodan API.

Yet Another PHP Shell - The most complete PHP reverse shell

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

A list of web application security

OSINT

Useful tools and scripts during Penetration Testing engagements

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Single Page Cheatsheet for common MSF Venom One Liners

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

My own OSCP guide

Idiomatic nmap library for go developers

🔪 Leak git repositories from misconfigured websites

Notes for taking the OSCP in 2097. Read in book form on GitBook

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Making Favicon.ico based Recon Great again !

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Automatically Launch Google Hacking Queries Against A Target Domain

Web Application Security Scanner Framework

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Hacking Toolkit

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.