1208 Open source projects that are alternatives of or similar to Pentest Notes

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

swiss army knife for hackers

A tool to automate penetration tests

My own OSCP guide

👻Impost3r -- A linux password thief

Web-based Source Code Vulnerability Scanner

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

一键提取安卓应用中可能存在的敏感信息。

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Idiomatic nmap library for go developers

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

mXtract - Memory Extractor & Analyzer

Sifter aims to be a fully loaded Op Centre for Pentesters

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

hydra

Penetration Testing notes, resources and scripts

Steganography brute-force utility to uncover hidden data inside files

NetCat for Windows

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A set of recipes useful in pentesting and red teaming scenarios

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

OSINT Tool: Generate username lists for companies on LinkedIn

🎖safely* install packages with npm or yarn by auditing them as part of your install process

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

Scripts to gather system configuration information for offline/remote auditing

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

Infection Monkey - An automated pentest tool

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Ruby on Rails Phishing Framework

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

A cross-platform note-taking & target-tracking app for penetration testers.

kube-scan: Octarine k8s cluster risk assessment tool

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Web path scanner

Micro-framework for rapid development of reusable security tools

Web Content Discovery Tool

InQL - A Burp Extension for GraphQL Security Testing

⛔️ offsec batteries included

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Exploit Pack -The next generation exploit framework

Linux命令转发记录

My OSCP journey

A static analysis security vulnerability scanner for Ruby on Rails applications

All-in-one tool for managing vulnerability reports from AppSec pipelines

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Gorsair hacks its way into remote docker containers that expose their APIs

被动式漏洞扫描系统

grep rough audit - source code auditing tool

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.