980 Open source projects that are alternatives of or similar to Passcat

jSQL Injection is a Java application for automatic SQL database injection.

A simple dns resolver of dns-record and web-record log server for pentesting

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

scan for NTLM directories

Semi-automatic OSINT framework and package manager

DEPRECATED Secrets management for dynamic environments

Utilities for MITRE™ ATT&CK

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Burp Bounty profiles compilation, feel free to contribute!

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Username enumeration and password spraying tool aimed at Microsoft O365.

📡 A python program to create a fake AP and sniff data.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

Awesome Node.js Security resources

A list of resources for those interested in getting started in bug bounties

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

红队作战中比较常遇到的一些重点系统漏洞整理。

Subdomain Takeover tool written in Go

Human and machine readable web vulnerability testing format

The goal of this repository is to document the most common techniques to bypass AppLocker.

A Python3 based single-file subdomain enumerator

A Kubernetes operator to sync secrets from AWS Secrets Manager

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Web Content Discovery Tool

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

A collection of various GitHub gists for hackers, pentesters and security researchers

Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 7.8+ billion breached accounts

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Reverse Shell as a Service

Linux C2 框架demo，为期2周的”黑客编程马拉松“，从学习编程语言开始到实现一个demo的产物

Hashcat web interface

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Python network worm that spreads on the local network and gives the attacker control of these machines.

Pop shells like a master.

nray distributed port scanner

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A simple tool for offline searching of default credentials for network devices, web applications and more.

Exploit pack for pentesters and ethical hackers.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A secure, shared workspace for secrets

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Open source solution to check prospective AD passwords against previously breached passwords

Utilities for working with the Pwned Passwords database from Django.

Encoder to bypass WAF filters using XOR operations

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Our OSCP repo: from popping shells to mental health.

A Common User Passwords generator script that looks like the tool Eliot used it in Mr.Robot Series Episode 01 :D :v

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.