1689 Open source projects that are alternatives of or similar to Penetration Testing Tools

Useful tools and scripts during Penetration Testing engagements

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

A collection of hacking / penetration testing resources to make you better!

my oscp prep collection

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Scripts I use during pentest engagements.

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

hack tools

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

200 TOOLS BY 0XID4FF0X FOR TERMUX

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Argus Advanced Remote & Local Keylogger For macOS and Windows

Ruby on Rails Continuous Deployment Ecosystem to maintain Healthy Stable Development

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Free Security and Hacking eBooks

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Next generation web scanner

Tool Information Gathering Write By Python.

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Python Powered Repository

All sorts of random publicly-available information, assets, scripts, and more as we (Joy Machine) work on our projects.

Hacking, pen-testing, and cyber-security related tools built with Python.

A collection of resources I'm using while working toward the OSCP

Yet Another PHP Shell - The most complete PHP reverse shell

A swiss army knife with lots of tools, extensions and (scriptable) enhancements for Visual Studio Code.

Web Application Security Scanner Framework

Top 100 Hacking & Security E-Books (Free Download)

Fully automated offensive security framework for reconnaissance and vulnerability scanning

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Hacker101 CTF Writeup

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

The norepeat package contains some magical function, tools

Everything needed for doing CTFs

Remot3d: is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors

A collection of android Exploits and Hacks

Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

network reconnaissance toolkit

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

漏洞利用框架模块分享仓库

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

hacker, ready for more of our story ! 🚀

Tanel Poder's Troubleshooting & Performance Tools for Oracle Databases

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A list of web application security

Idiomatic nmap library for go developers

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Handbook of information collection for penetration testing and src

Kali Linux Cheat Sheet for Penetration Testers