396 Open source projects that are alternatives of or similar to Patator

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

A collection of useful links for Pentesters

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

scripts to setup pentesting system and use during pentest

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Network Security Vulnerability Scanner

A collection of personal scripts used in hacking excercises.

Argus Advanced Remote & Local Keylogger For macOS and Windows

A list of resources for those interested in getting started in bug bounties

🌒 Shell command obfuscation to avoid detection systems

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

A brute force attacker with packages for development in Python 3, Kotlin, C#, Go, Vala, and C++.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Suggests programs to run against services found during the enumeration phase of a Pentest

Vulnerability Recurrence:漏洞复现记录

brute force SSH public-key authentication

A collection of various GitHub gists for hackers, pentesters and security researchers

Instagram Brute Forcer

An (un-)ethical hacking-station based on Raspberry Pi and Python

Pentester's Promiscuous Notebook

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

NOT SUPORTED ANYMORE -- try resource_files repository (mosquito)

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Tool to communicate with RPC services and check misconfigurations on NFS shares

Web path scanner

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

Implement WSUSpendu attack

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

useful pentest note

DLL Password Filter Implant with Exfiltration Capabilities

Common problems of dynamic programming methods and techniques, including prerequisites, for competitive programmers.

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

WordPress pentest tool

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Custom security distro for remote penetration testing

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentest environment deployer (kali linux + targets) using vagrant and chef.

nuclei framework scripts

Modern alternative to dirbuster/dirb

Fast website scraper and wordlist generator

windows-kernel-exploits Windows平台提权漏洞集合

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Ha3Mrx Pentesting and Security Hacking

BloodHound Docker Ready to Use

Modern tactical exploitation toolkit.

A simple multi-threaded distributed SSH brute-forcing tool written in Python

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Overlord - Red Teaming Infrastructure Automation

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

Collection of the cheat sheets useful for pentesting

Intelligence and Reconnaissance Package/Bundle installer.

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

This challenge is Inon Shkedy's 31 days API Security Tips.