370 Open source projects that are alternatives of or similar to Penetrationtesting Notes

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Work in progress...

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

PowerShell payload generator

The SpecterOps project management and reporting engine

Turn PuTTY into an SSH login bruteforcing tool.

Security Tool to Look For Interesting Files in S3 Buckets

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Idiomatic nmap library for go developers

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

A penetration testing tool for finding file upload bugs (NDSS 2020)

The LAZY script will make your life easier, and of course faster.

An advanced tool for email reconnaissance

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

A portable console aimed at making pentesting with PowerShell a little easier.

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Mobile penetration testing android & iOS command cheatsheet

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

(l)user hunter using WinAPI calls only

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

A tool to test security of json web token

Generates malicious LNK file payloads for data exfiltration

A curated list of awesome infosec courses and training resources.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

A tool to automate penetration tests

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

ConPtyShell - Fully Interactive Reverse Shell for Windows

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

An HTTP/HTTPS intercept proxy written in Go.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Everything needed for doing CTFs

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Awesome Vulnerable Applications

A MongoDB importer and API for Project Sonars DNS datasets

Code from Blackhat Python book

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

🙃 Reverse Shell Cheat Sheet 🙃

🔐 Docker Container for Penetration Testing & Security

VOIP Security Audit Framework

Hacker101 CTF Writeup

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Domain name permutation engine written in Go

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A wrapper for Nmap to quickly run network scans

Awesome hacking is an awesome collection of hacking tools.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty