421 Open source projects that are alternatives of or similar to Penetration Testing Cheat Sheet

Infection Monkey - An automated pentest tool

Burp Suite extension to passively scan for applications revealing server error messages

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Offensive Terraform Website

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Penetration Testing Platform

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

C2/post-exploitation framework

Security Tool to Look For Interesting Files in S3 Buckets

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Scripts I use during pentest engagements.

Automated Cyber Offense

OSINT Tool: Generate username lists for companies on LinkedIn

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

A portable console aimed at making pentesting with PowerShell a little easier.

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Web path scanner

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

NetCat for Windows

Penetration Testing notes, resources and scripts

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Windows shellcode development in Rust

Pentest Report Generator

Self contained htaccess shells and attacks

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

The SpecterOps project management and reporting engine

☠️ The Pathwar Project ☠️

Idiomatic nmap library for go developers

Gorsair hacks its way into remote docker containers that expose their APIs

An advanced tool for email reconnaissance

An HTTP/HTTPS intercept proxy written in Go.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

IPv6 attack toolkit

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

Simple Karma Attack

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

A cross-platform note-taking & target-tracking app for penetration testers.

Web Application Security Scanner

(l)user hunter using WinAPI calls only

Ruby on Rails Phishing Framework

My own OSCP guide

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

swiss army knife for hackers

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

A curated list of awesome infosec courses and training resources.

A list of web application security

⛔️ offsec batteries included