454 Open source projects that are alternatives of or similar to Oscp

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

A curated list of awesome OSCP resources

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

The Collective. A repo for a collection of red-team projects found mostly on Github.

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

A high performance offensive security tool for reconnaissance and vulnerability scanning

My own OSCP guide

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

⛔️ offsec batteries included

Red Teaming Tactics and Techniques

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

swiss army knife for hackers

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

online port scan scraper

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

🆕 The Multi-Tool Web Vulnerability Scanner.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Empire HTTP(S) C2 redirector setup script

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Simple multi threaded tool to extract domain related data from commoncrawl.org

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Interactive Network Scanner

DNS Sub-domain brute forcer, in Python + gevent

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Privilege Escalation Enumeration Script for Windows

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Find web directories without bruteforce

被动式漏洞扫描系统

CVE-2016-8610 (SSL Death Alert) PoC

Exploit Pack -The next generation exploit framework

Simple Server Side Request Forgery services enumeration tool.

Web Content Discovery Tool

Offensive Terraform Website

Reverse proxies cheatsheet

The Shadow Attack Framework

无状态子域名爆破工具

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Gorsair hacks its way into remote docker containers that expose their APIs

The Last Web Recon Tool You'll Need

Web path scanner

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Single-file PHP shell

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Ruby on Rails Phishing Framework