1340 Open source projects that are alternatives of or similar to Penetration Testing Study Notes

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

A collection of public offensive and defensive security related scripts for InfoSec students.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Red Teaming Tactics and Techniques

SSRF (Server Side Request Forgery) testing resources

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Notes from OSCP, CTF, security adventures, etc...

Powerful Visual Subdomain Enumeration at the Click of a Mouse

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Phishing Tool & Information Collector

Argus Advanced Remote & Local Keylogger For macOS and Windows

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Multi source CVE/exploit parser.

Get GTFOBins info about a given exploit from the command line

A pentesting tool inspired by mr robot and derived by zphisher

A Docker container for remote penetration testing.

Information Gathering tool for a Website or IP address

parse nmap files

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

A Linux packet crafting tool.

Collection of pentesting scripts

Quick utility to craft executables for pentesting and managing reverse shells

We can lock and unlock our Ubuntu system using face recognition(currently only on Ubuntu).

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Easy files and payloads delivery over DNS

Enables and use of the concept of security in your Delphi applications

Quick tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.

A web application for generating custom XSS payloads

a tool to analyze filesystem images for security

Network Pivoting Toolkit

Web Recon & Exploitation Tool.

Web App Pen Tester (Web Interface)

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Do some quick reconnaissance on a domain-based web-application

Repository of my CTF writeups

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Oracle Database Penetration Testing Reference (10g/11g)

A OSINT tool to obtain a target's phone number just by having his email address

Facebook Write-ups, PoC, and exploitation codes:

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A shot-for-shot remake of the Google Login Page.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Automatic SQL injection and database takeover tool

Hashtopolis - A Hashcat wrapper for distributed hashcracking

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Summary of online learning materials

Decrypted content of eqgrp-auction-file.tar.xz

Botnet targeting Windows machines written entirely in Python & open source security project.

My notes on PentesterLab's Bootcamp series 🕵️

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows