421 Open source projects that are alternatives of or similar to Penetration Testing Cheat Sheet

Opening the door, one reverse shell at a time

Don't let buffer overflows overflow your mind

The Collective. A repo for a collection of red-team projects found mostly on Github.

unix SSH post-exploitation 1337 tool

Automated NoSQL database enumeration and web application exploitation tool.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

🆕 The Multi-Tool Web Vulnerability Scanner.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A collection of resources I'm using while working toward the OSCP

GUI based offensive penetration testing tool (Open Source)

Work in progress...

Exploits and Security Tools Framework 2.0.1

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

A curated list of awesome OSCP resources

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

network reconnaissance toolkit

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Collection of tips, tools and tutorials around infosec

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

A default credential scanner.

A Python-powered exploitation framework and botnet.

Post-Exploitation Framework

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Scripts I use during pentest engagements.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Burp Suite extension to passively scan for applications revealing server error messages

Offensive Terraform Website

Penetration Testing Platform

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Security Tool to Look For Interesting Files in S3 Buckets

Automated Cyber Offense

A portable console aimed at making pentesting with PowerShell a little easier.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Directory Services Internals (DSInternals) PowerShell Module and Framework

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Discover Your Attack Surface!

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Windows shellcode development in Rust

Forward shell generation framework

Python Books for Security

Automated Penetration Testing Framework

🐶 A curated list of Web Security materials and resources.

Self contained htaccess shells and attacks

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

☠️ The Pathwar Project ☠️

Burp extension to passively scan for applications revealing software version numbers

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Gorsair hacks its way into remote docker containers that expose their APIs

An HTTP/HTTPS intercept proxy written in Go.

Web path scanner

IPv6 attack toolkit

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.