1199 Open source projects that are alternatives of or similar to Pentest Guide

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Learning Penetration Testing of Android Applications

CVE-2016-8610 (SSL Death Alert) PoC

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Fast and lightweight yet another UEFI implementation

hacker, ready for more of our story ! 🚀

a recon tool that allows searching on URLs that are exposed via shortener services

Cloak can backdoor any python script with some tricks.

A default credential scanner.

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

A fully featured Windows backdoor that uses Gmail as a C&C server

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

a fast domain brute tool

Steganography brute-force utility to uncover hidden data inside files

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

SS7 MAP (pen-)testing toolkit. DISCONTINUED REPO, please use: https://github.com/0xc0decafe/ss7MAPer/

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Generates combination of domain names from the provided input.

jSQL Injection is a Java application for automatic SQL database injection.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Best DDoS Attack Script Python3, Cyber Attack With 36 Method

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Open-Source Ransomware As A Service for Linux, MacOS and Windows

☠️ The Pathwar Project ☠️

bebasid dapat membantu membuka halaman situs web yang diblokir oleh pemerintah Indonesia dengan memanfaatkan hosts file.

Scripts I use during pentest engagements.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Simple DNS Rebinding Service

MSFvenom Payload Creator (MSFPC)

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Directory Services Internals (DSInternals) PowerShell Module and Framework

Web Application Security Scanner

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

network reconnaissance toolkit

Pop shells like a master.

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

The Swiss Army knife for automated Web Application Testing

🆕 The Multi-Tool Web Vulnerability Scanner.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Gospider - Fast web spider written in Go

IoT 固件漏洞复现环境

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Burp Bounty profiles compilation, feel free to contribute!

A Respondus LockDown Browser Bypass

checksum-reproducible tar archives (utility/library)