6419 Open source projects that are alternatives of or similar to Payloadsallthethings

Awesome Vulnerable Applications

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

🎯 Server Side Template Injection Payloads

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A curated list of awesome privilege escalation

Automated Red Team Infrastructure deployement using Docker

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Hacking Toolkit

Enumerate information from NTLM authentication enabled web endpoints 🔎

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Collection of the cheat sheets useful for pentesting

Hacker101 CTF Writeup

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A MongoDB importer and API for Project Sonars DNS datasets

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

A fast, simple, recursive content discovery tool written in Rust.

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Collection of quality safety articles. Awesome articles.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

OSINT

A collection of hacking / penetration testing resources to make you better!

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Apache Solr Injection Research

A tool to fastly get all javascript sources/files

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Vagrant VirtualBox environment for conducting an internal network penetration test

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

Pentest: Subdomains enumeration tool for penetration testers.

Modern alternative to dirbuster/dirb

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Cheat-Sheet of tools for penetration testing

Python AV Evasion Tools

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

My personal bug bounty toolkit.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Penetration Testing notes, resources and scripts

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Automatic SSRF fuzzer and exploitation tool

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Multi OTP Spam Amp/Paralell threads

Executes common PowerSploit Powerview functions then combines output into a spreadsheet for easy analysis.

link is a command and control framework written in rust

HERCULES is a special payload generator that can bypass antivirus softwares.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Security tool to quickly audit Public Box files and folders.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

SQL Injection Payload List

Functions that can be used to gain Reverse Shells with PowerShell