398 Open source projects that are alternatives of or similar to P0wny Shell

Ruby on Rails Phishing Framework

🔨 A modern multiple reverse shell sessions manager wrote in go

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A curated list of awesome OSCP resources

A Powerful Subdomain Takeover Tool

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Reverse proxies cheatsheet

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Semi-automatic OSINT framework and package manager

Web path scanner

CVE-2016-8610 (SSL Death Alert) PoC

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A web front-end for password cracking and analytics

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

OSINT Tool: Generate username lists for companies on LinkedIn

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Web Content Discovery Tool

mXtract - Memory Extractor & Analyzer

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

The Shadow Attack Framework

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Gorsair hacks its way into remote docker containers that expose their APIs

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

online port scan scraper

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Interactive Network Scanner

Hacking Toolkit

Simple multi threaded tool to extract domain related data from commoncrawl.org

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Dump exposed HTTP .git fast

Advanced Web Shell

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

The Last Web Recon Tool You'll Need

hydra

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

被动式漏洞扫描系统

A swiss army knife for pentesting networks

A Hashcat wrapper for distributed hashcracking

Exploit Pack -The next generation exploit framework

A repo with information about security of Ethereum Smart Contracts

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script