1208 Open source projects that are alternatives of or similar to Pentest Notes

Open Source Tripwire®

📚 Collaborative cheatsheets for console commands

Modified template for the OSCP Exam and Labs. Used during my passing attempt

An HTTP/HTTPS intercept proxy written in Go.

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

The New Hacking Framework

Automated Cyber Offense

SIPCheck is a tool that watch the authentication of users of Asterisk and bans automatically if some user (or bot) try to register o make calls using wrong passwords.

A swiss army knife for pentesting networks

The clever vulnerability dependency finder

Exploit pack for pentesters and ethical hackers.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

📖 Kubernetes CheatSheets In A4

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Notes for taking the OSCP in 2097. Read in book form on GitBook

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

红队综合渗透框架

IBM Fully Homomorphic Encryption Toolkit For Linux. This toolkit is a Linux based Docker container that demonstrates computing on encrypted data without decrypting it! The toolkit ships with two demos including a fully encrypted Machine Learning inference with a Neural Network and a Privacy-Preserving key-value search.

Golang安全资源合集

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

online port scan scraper

Kali Linux Cheat Sheet for Penetration Testers

An interactive cheatsheet tool for the command-line

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Integration of Clair and Docker Registry

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Drone pentesting framework console

An OSINT Metadata analyzing tool that filters through tags and creates reports

Custom filters and other resources to use with uBlock Origin and uMatrix.

All MITM attacks in one place.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Attack surface mapping

Automated Mass Exploiter

Tools to automate and/or expedite response.

Subdomain Takeover tool written in Go

The iOS Security Testing Framework

Tools for Hacking

Directory/File, DNS and VHost busting tool written in Go

Forward shell generation framework

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Open source pre-operation C2 server based on python and powershell

PoC tool to demonstrate vulnerabilities in wireless input devices

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

🤓All the geeky stuffs you need to know at one place!

CVE-2016-8610 (SSL Death Alert) PoC

Handbook of information collection for penetration testing and src

Fast web fuzzer written in Go

Collection of tips, tools and tutorials around infosec

Security scanner coordinator

Extract and aggregate threat intelligence.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️