1208 Open source projects that are alternatives of or similar to Pentest Notes

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Open Repository for the Open Security and Privacy Reference Architecture

Learning Penetration Testing of Android Applications

Seamlessly encrypt/decrypt/edit your rails Dotenv files with the help of the Sekrets gem

Simple script that checks a domain for email protections

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Simple multi threaded tool to extract domain related data from commoncrawl.org

Credential stuffing engine built for security professionals

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Offensive Terraform Website

Read local Chrome cookies without root or decrypting

Golang security checker

Automatically Launch Google Hacking Queries Against A Target Domain

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

Penetration Testing Platform

The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident Response Teams (CSIRTs) of the Member States and for promoting swift and effective operational cooperation.

Community-sourced cheatsheets

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Command line password manager for Unix-like operating systems

NodeJS Simple Network Scanner

Public append-only ledger microservice built with Slim Framework

Post-Exploitation Framework

Alcide Kubernetes Audit Log Analyzer - Alcide kAudit

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

An NFC research toolkit application for Android

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Intelligence tool but without API key

A framework for Backdoor development!

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

🍿 The perfect Checklist Website for meticulous developers.

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

A checklist for staying safe on the internet

DNS Rebinding Exploitation Framework

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

DeimosC2 is a Golang command and control framework for post-exploitation.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Python Books for Security

Check read, write permissions on S3 buckets in your account

Quickly analyze and reverse engineer Android packages

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

C# 8 Cheat Sheet, Default Interface Methods, Pattern Matching, Indices and Ranges, Nullable Reference Types, Asynchronous Streams, Caller Expression Attribute ,Static Local Functions, Default in Deconstruction., Alternative Interpolated Verbatim Strings, Using Declarations, Relax Ordering of ref and partial Modifiers, Disposable ref structs, Generic Attributes, Null Coalescing Assignment ,Disposable ref structs

☠️ The Pathwar Project ☠️

Find secrets and passwords in container images and file systems

Convolutional neural network for analyzing pentest screenshots

The Last Web Recon Tool You'll Need

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

OWASP Threat Dragon with Gitlab Integration

A curated list of awesome privilege escalation

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier"

A Python-powered exploitation framework and botnet.

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

Reverse Shell as a Service

WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Explore Indicators of Compromise Automatically

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

A set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance.

Extract endpoints from APK files

Enumerate and disable common sources of telemetry used by AV/EDR.