6419 Open source projects that are alternatives of or similar to Payloadsallthethings

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

A laboratory for learning secure web and mobile development in a practical manner.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

An automated approach to performing recon for bug bounty hunting and penetration testing.

🙃 Reverse Shell Cheat Sheet 🙃

Open source courseware for Git and GitHub

Some notes and examples for cobalt strike's functionality

Mobile penetration testing android & iOS command cheatsheet

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

CTF Cheatsheet

USB Rubber Ducky type scripts written for the DigiSpark.

A collection of awesome one-liner scripts especially for bug bounty tips.

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Tool Information Gathering Write By Python.

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

VS Code extension that lets you open a CSS Flexbox cheatsheet directly in the editor.

bug bounty hunters starter notes

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

cobaltstrike ms17-010 module and some other

This repository contains full code examples from the book Gray Hat C#

A list of interesting payloads, tips and tricks for bug bounty hunters.

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Hack the World using Termux

平常看到好的渗透hacking工具和多领域效率工具的集合

A tool to automate penetration tests

Detect and bypass web application firewalls and protection systems

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

A list of useful payloads for Web Application Security and Pentest/CTF

A high productivity, full-stack web framework for the Go language.

Bypass Paywalls web browser extension for Chrome and Firefox.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Quick SQL Scanner, Dorker, Webshell injector PHP

A fast DOM based XSS vulnerability scanner with simplicity.

A list of web application security

Network Pivoting Toolkit

汽车/安卓/固件/代码安全测试工具集

Extract endpoints marked as disallow in robots files to generate wordlists.

🧮 SOCKS5/4/4a 🌾 validating proxy pool and upstream SOCKS5 server for 🤽 LOLXDsoRANDum connections 🎋

This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

A curated list of awesome infosec courses and training resources.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

A javascript single page application (SPA) driver for REST API payload management.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

GoPhish Templates that I have retired and/or templates I've recreated.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.

🤖 The Modern Port Scanner 🤖

Open Redirect Payloads

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能