1382 Open source projects that are alternatives of or similar to Payloads

Quickly analyze and reverse engineer Android packages

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

HERCULES is a special payload generator that can bypass antivirus softwares.

A curated list of awesome privilege escalation

Penetration tests guide based on OWASP including test cases, resources and examples.

cve-2019-0604 SharePoint RCE exploit

Get All Registered Wifi Passwords from Target Computer.

A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Automated Red Team Infrastructure deployement using Docker

Web path scanner

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Vulnerability Dashboard

Advanced dork Search & Mass Exploit Scanner

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

A collection of various GitHub gists for hackers, pentesters and security researchers

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Browser's XSS Filter Bypass Cheat Sheet

An ongoing list of virtual cybersecurity conferences.

Set of tools to audit SIP based VoIP Systems

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

Burp Bounty profiles compilation, feel free to contribute!

Infection vector that bypasses AV, IDS, and IPS. (For now...)

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

A container repository for my public web hacks!

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

The ultimate WinRM shell for hacking/pentesting

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Fast Modular Web Interfaces Bruteforcer

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

🎯 Server Side Template Injection Payloads

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Hooks in to interesting functions and helps reverse the web app faster.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Enine boyuna siber güvenlik

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Passwords Recovery Tool

JSshell - JavaScript reverse/remote shell

XSS'OR - Hack with JavaScript.

Source code for Hacker101.com - a free online web and mobile security class.

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info

RubberDucky like payloads for DigiSpark Attiny85

🔐 Docker Container for Penetration Testing & Security

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Chromepass - Hacking Chrome Saved Passwords

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.