396 Open source projects that are alternatives of or similar to Patator

Simple Karma Attack

Open source all-in-one CLI tool to semi-automate pentesting.

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

An extremely fast and flexible web fuzzer

DNS Sub-domain brute forcer, in Python + gevent

A tool to test security of json web token

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

macOS FileVault cracking tool

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

A Cloudflare resolver that works

ODAT: Oracle Database Attacking Tool

Tool for catching and logging different types of requests.

Browser's XSS Filter Bypass Cheat Sheet

nray distributed port scanner

wide range mass audit toolkit

BruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack

CVE-2016-8610 (SSL Death Alert) PoC

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

AVAX is a small, modern and fast console application for decrypting passwords with certain options.

🔐 Docker Container for Penetration Testing & Security

jSQL Injection is a Java application for automatic SQL database injection.

(Doesn't work anymore)

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server

A Python script for Brute Force Attack On Facebook Account :)

Bruteforce database

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A collection of personal scripts used in hacking excercises.

A list of resources for those interested in getting started in bug bounties

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Vulnerability Recurrence:漏洞复现记录

A collection of various GitHub gists for hackers, pentesters and security researchers

An (un-)ethical hacking-station based on Raspberry Pi and Python

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Web path scanner

Implement WSUSpendu attack

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

DLL Password Filter Implant with Exfiltration Capabilities

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

A list of payload and bypass lists for penetration testing and red team infrastructure build.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Pentest environment deployer (kali linux + targets) using vagrant and chef.

Modern alternative to dirbuster/dirb

windows-kernel-exploits Windows平台提权漏洞集合

Ha3Mrx Pentesting and Security Hacking

Modern tactical exploitation toolkit.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

The ultimate WinRM shell for hacking/pentesting

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Webshell Manager

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Cloudlist is a tool for listing Assets from multiple Cloud Providers.