1331 Open source projects that are alternatives of or similar to Passphrase Wordlist

Declarative penetration testing orchestration framework

Python3 tool to perform password spraying using RDP

A Modular Penetration Testing Framework

Mercure is a tool for security managers who want to train their colleague to phishing.

tool to extract passwords from TeamViewer memory using Frida

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

List of my talks and workshops: security engineering, applied cryptography, secure software development

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Open Redirect Payloads

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

(deprecated) Android application vulnerability analysis and Android pentest tool

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

Hershell is a simple TCP reverse shell written in Go.

Log any method call of object in Objective-C

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Web application vulnerability scanner

This repo will contain some basic pentest/RT commands.

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

An Python Script For Generating Payloads that Bypasses All Antivirus so far .

mXtract - Memory Extractor & Analyzer

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

Web Application Security Scanner

Wifi Cracking

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

A python tool to check subdomain takeover vulnerability

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

🌰 An onion url inspector for inspecting deep web links.

(l)user hunter using WinAPI calls only

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.

Linux Rootkits (4.x Kernel)

Functions that can be used to gain Reverse Shells with PowerShell

Notes for taking the OSCP in 2097. Read in book form on GitBook

A front-end JavaScript toolkit for creating DNS rebinding attacks.

Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.

Infosec resource center for offensive and defensive security operations.

A fully automatic wifi deauther coded in Python

PowerShell SOCKS proxy with reverse proxy capabilities

Simple application written in Go that combines two wordlists and a list of TLDs to form domain names and check if they are already registered.

Credential stuffing engine built for security professionals

A Python Tool For google Hacking

Security tool to quickly audit Public Box files and folders.

WebMap-Nmap Web Dashboard and Reporting

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.

HERCULES is a special payload generator that can bypass antivirus softwares.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

fireELF - Fileless Linux Malware Framework

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Just another script for automatize boolean-based blind SQL injections. (Demo)

A Docker container for remote penetration testing.

Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

👻Impost3r -- A linux password thief

Quick utility to craft executables for pentesting and managing reverse shells

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️