689 Open source projects that are alternatives of or similar to pentest-notes

A Tool for Domain Flyovers

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A collection of various GitHub gists for hackers, pentesters and security researchers

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

OSINT Swiss Army Knife

Pentest Report Generator

Webshell Manager

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Offensive Reverse Shell (Cheat Sheet)

A tool to test security of json web token

The Web Application Hacker's Handbook - Extra Content

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

A curated list of awesome infosec courses and training resources.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Selenium powered Python script to automate searching for vulnerable web apps.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Awesome Node.js Security resources

Offensive tools as Dockerfiles. Lightweight & Ready to go

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Multi source CVE/exploit parser.

Related subdomains finder

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

The initial conversation slides and menu of scenarios

🖖 Fast, modern, easy-to-use network scanner

Free advanced and modern Windows botnet with a nice and secure PHP panel.

Turn your VPS into an attack box

Collection of quality safety articles. Awesome articles.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Misc. Public Reports of Penetration Testing and Security Audits.

Pentest: Subdomains enumeration tool for penetration testers.

Extract subdomains from SSL certificates in HTTPS sites.

🎯 XML External Entity (XXE) Injection Payload List

🌒 Shell command obfuscation to avoid detection systems

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Most usable tools for iOS penetration testing

Hershell is a simple TCP reverse shell written in Go.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

RFD Checker - security CLI tool to test Reflected File Download issues

This challenge is Inon Shkedy's 31 days API Security Tips.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

🔑 Hash type identifier (CLI & lib)

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🔐 Docker Container for Penetration Testing & Security

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Vulnerability Dashboard

Leaked pentesting manuals given to Conti ransomware crooks

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Some good resources for getting started with application security

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Threat Hunting queries for various attacks

featured cs:go internal hack, one file and less than 1000 lines.

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

A concise, directive, specific, flexible, and free incident response plan template

Kali Live Build Scripts