315 Open source projects that are alternatives of or similar to Pentest

Simple Karma Attack

A tool to automate penetration tests

Scan for and exploit Consul agents

Extract subdomains from SSL certificates in HTTPS sites.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A fast, simple, recursive content discovery tool written in Rust.

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Awesome Node.js Security resources

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

Hooks in to interesting functions and helps reverse the web app faster.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

Fast Modular Web Interfaces Bruteforcer

SSRF (Server Side Request Forgery) testing resources

Penetration tests guide based on OWASP including test cases, resources and examples.

iOS/macOS/Linux Remote Administration Tool

Vulnerability Recurrence:漏洞复现记录

Script collection to bypass Network Access Control (NAC, 802.1x)

A wrapper for Nmap to quickly run network scans

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

DLL Password Filter Implant with Exfiltration Capabilities

An automated wrapper script for patching iOS applications (IPA files) and work on non-jailbroken device

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

small python3 tool to check common vulnerabilities in SMTP servers

☠️ The Pathwar Project ☠️

Automatic SSRF fuzzer and exploitation tool

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

自己收集整理自用的字典

Open source all-in-one CLI tool to semi-automate pentesting.

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

cve-2019-0604 SharePoint RCE exploit

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Set of tools to audit SIP based VoIP Systems

Pop shells like a master.

A tool to test security of json web token

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Burp Bounty profiles compilation, feel free to contribute!

Wavestone's web interface for password cracking with hashcat

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Bruteforce HTTP Authentication

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

A Cloudflare resolver that works

Find exploits in local and online databases instantly

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

The ultimate WinRM shell for hacking/pentesting

RFD Checker - security CLI tool to test Reflected File Download issues

Collection of quality safety articles. Awesome articles.

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

nray distributed port scanner

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Webshell Manager