6419 Open source projects that are alternatives of or similar to Payloadsallthethings

A list of payload and bypass lists for penetration testing and red team infrastructure build.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Penetration tests guide based on OWASP including test cases, resources and examples.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Common Web Managers Fuzz Wordlists

Automated NoSQL database enumeration and web application exploitation tool.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Web path scanner

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

my oscp prep collection

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

🎯 XML External Entity (XXE) Injection Payload List

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Offensive Reverse Shell (Cheat Sheet)

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🎯 SQL Injection Payload List

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Git All the Payloads! A collection of web attack payloads.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

A fast, simple, recursive content discovery tool written in Rust.

Collection of the cheat sheets useful for pentesting

Automatic SSRF fuzzer and exploitation tool

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A curated list of awesome privilege escalation

A reliable, user-friendly Plain Text Accounting tool with command line, terminal and web interfaces.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A fast web directory/file enumeration tool written in Rust

Modern alternative to dirbuster/dirb

Pentest: Subdomains enumeration tool for penetration testers.

A tool to fastly get all javascript sources/files

My personal bug bounty toolkit.

Cheat-Sheet of tools for penetration testing

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

Python AV Evasion Tools

Enumerate information from NTLM authentication enabled web endpoints 🔎

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Misc. Public Reports of Penetration Testing and Security Audits.

Apache Solr Injection Research

Yet Another PHP Shell - The most complete PHP reverse shell

Search for Unix binaries that can be exploited to bypass system security restrictions.

Awesome cloud enumerator

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A Tool for Domain Flyovers

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Penetration Testing notes, resources and scripts

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Next generation web scanner

Hacker101 CTF Writeup

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A MongoDB importer and API for Project Sonars DNS datasets

Everything needed for doing CTFs