1199 Open source projects that are alternatives of or similar to Pentest Guide

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Misc. Public Reports of Penetration Testing and Security Audits.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

🎯 Command Injection Payload List

Common Web Managers Fuzz Wordlists

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A list of payload and bypass lists for penetration testing and red team infrastructure build.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Pentest: Subdomains enumeration tool for penetration testers.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

A Tool for Domain Flyovers

Yet Another PHP Shell - The most complete PHP reverse shell

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A Golang implant that uses Slack as a command and control server

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Sifter aims to be a fully loaded Op Centre for Pentesters

Penetration Testing notes, resources and scripts

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Script collection to bypass Network Access Control (NAC, 802.1x)

Automated Red Team Infrastructure deployement using Docker

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Hacking Toolkit

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Powerfull XSS Scanning and Parameter analysis tool&gem

Web path scanner

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

A curated list of awesome infosec courses and training resources.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A tool to automate penetration tests

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Pentest Report Generator

Apache Solr Injection Research

A fast DOM based XSS vulnerability scanner with simplicity.

hydra

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A big list of Android Hackerone disclosed reports and other resources.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

🎯 XML External Entity (XXE) Injection Payload List

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

All about bug bounty (bypasses, payloads, and etc)

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A curated list of awesome OSCP resources

🎯 SQL Injection Payload List

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A collection of various GitHub gists for hackers, pentesters and security researchers

Vulnerability Dashboard

Burp extension to passively scan for applications revealing software version numbers

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Burp Suite extension to passively scan for applications revealing server error messages