454 Open source projects that are alternatives of or similar to Oscp

A web front-end for password cracking and analytics

Python 3.5+ DNS asynchronous brute force utility

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

This repository contains full code examples from the book Gray Hat C#

Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Hashcat web interface

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

WhiteWinterWolf's PHP web shell

Privilege Escalation Enumeration Script for Windows

Windows one line commands that make life easier, shortcuts and command line fu.

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Notes for taking the OSCP in 2097. Read in book form on GitBook

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Python network worm that spreads on the local network and gives the attacker control of these machines.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

An evil RAT (Remote Administration Tool) for macOS / OS X.

A REST API security testing framework.

Encoder to bypass WAF filters using XOR operations

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Next generation web scanner

Know the dangers of credential reuse attacks.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Centralize Vulnerability Assessment and Management for DevSecOps Team

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

All MITM attacks in one place.

The ultimate WinRM shell for hacking/pentesting

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A Cloudflare resolver that works

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Directory/File, DNS and VHost busting tool written in Go

A collection of useful scripts for Cobalt Strike

🍪 Flask Session Cookie Decoder/Encoder

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Find web directories without bruteforce

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

SSRF (Server Side Request Forgery) testing resources

NetCat for Windows

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Selenium powered Python script to automate searching for vulnerable web apps.

被动式漏洞扫描系统

Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具

Python3 tool to perform password spraying using RDP

Cameradar hacks its way into RTSP videosurveillance cameras

The Leading Security Assessment Framework for Android.

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A .NET Standard library for pentesting web apps against credential stuffing attacks.

A simple keylogger for Windows, Linux and Mac

Dump exposed HTTP .git fast