1340 Open source projects that are alternatives of or similar to Penetration Testing Study Notes

The ultimate WinRM shell for hacking/pentesting

Don't let buffer overflows overflow your mind

Useful tools and scripts during Penetration Testing engagements

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A tool to automate penetration tests

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Everything needed for doing CTFs

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

OSINT Tool: Generate username lists for companies on LinkedIn

Code from Blackhat Python book

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Quickly analyze and reverse engineer Android packages

retrieve information via O365 with a valid cred

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Rockyou for web fuzzing

Pentest Report Generator

Hawkeye filesystem analysis tool

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Automated Adversary Emulation Platform

Dradis Framework: Colllaboration and reporting for IT Security teams

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Git All the Payloads! A collection of web attack payloads.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Quick SQL Scanner, Dorker, Webshell injector PHP

Multi source CVE/exploit parser.

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

🤖 The Modern Port Scanner 🤖

安全编排与自动化响应平台

Rubyfu, where Ruby goes evil!

Pentest: Subdomains enumeration tool for penetration testers.

Cheat-Sheet of tools for penetration testing

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Notes from OSCP, CTF, security adventures, etc...

Suggests programs to run against services found during the enumeration phase of a Pentest

Get GTFOBins info about a given exploit from the command line

A collection of resources I'm using while working toward the OSCP

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Argus Advanced Remote & Local Keylogger For macOS and Windows

Kali Live Build Scripts

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Extract endpoints from APK files

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

My notebook for OSCP Lab

Open Redirect Payloads

Common Web Managers Fuzz Wordlists

The Web Application Hacker's Handbook - Extra Content

Web application vulnerability scanner

Multi OTP Spam Amp/Paralell threads