1689 Open source projects that are alternatives of or similar to Penetration Testing Tools

Content for hackingthe.cloud

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Automated NoSQL database enumeration and web application exploitation tool.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Don't let buffer overflows overflow your mind

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.

Tanel Poder's Troubleshooting & Performance Tools for Oracle Databases

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

JSshell - JavaScript reverse/remote shell

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

CTF竞赛权威指南

Vagrant VirtualBox environment for conducting an internal network penetration test

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

network reconnaissance toolkit

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Rubyfu, where Ruby goes evil!

Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Mirror

Collection of things made during my OSCP journey

The norepeat package contains some magical function, tools

USB Rubber Ducky type scripts written for the DigiSpark.

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

Hacking, pen-testing, and cyber-security related tools built with Python.

A collection of resources I'm using while working toward the OSCP

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Argus Advanced Remote & Local Keylogger For macOS and Windows

Web Application Security Scanner Framework

Top 100 Hacking & Security E-Books (Free Download)

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Tool Information Gathering Write By Python.

Hacker101 CTF Writeup

Everything needed for doing CTFs

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

漏洞利用框架模块分享仓库

A list of web application security

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A collection of android Exploits and Hacks

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Enumerate information from NTLM authentication enabled web endpoints 🔎

Next generation web scanner