645 Open source projects that are alternatives of or similar to pentest-reports

A default credential scanner.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Get GTFOBins info about a given exploit from the command line

Multi source CVE/exploit parser.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Script to spider a website and find publicly open S3 buckets

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Pentest Report Generator

Gorsair hacks its way into remote docker containers that expose their APIs

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

🔐 Docker Container for Penetration Testing & Security

A collection of resources I'm using while working toward the OSCP

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A curated list of awesome infosec courses and training resources.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Opening the door, one reverse shell at a time

Totally Insecure Web Application Project (TIWAP)

Find cloud assets that no one wants exposed 🔎 ☁️

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

An advanced tool for email reconnaissance

Web path scanner

Dradis Framework: Colllaboration and reporting for IT Security teams

Common password pattern generator using strings list

Wireshark Cheat Sheet

Collection of several DDos tools.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

GitBook: OSCP RoadMap

A Tool for Domain Flyovers

Pentest: Subdomains enumeration tool for penetration testers.

Idiomatic nmap library for go developers

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Cameradar hacks its way into RTSP videosurveillance cameras

Related subdomains finder

InfoPath Phishing Repo Resource

A schema and set of tools for using SQL to query cloud infrastructure.

Automated Pentest Tools Designed For Parrot Linux

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

An XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)

A simple remote tool in C#.

pure python remote adb scanner + nmap scan module

TIGMINT: OSINT (Open Source Intelligence) GUI software framework

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

You didn't think I'd go and leave the blue team out, right?

Malware Sample Sources

The essential toolkit for reversing, malware analysis, and cracking

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

A dictionary attack tool for PostgreSQL and MSSQL

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

A memorial site for Hackers and Infosec people who have passed

Monitoring GitHub for sensitive data shared publicly

Collect email addresses by crawling search engine results.

Tools used for Penetration testing / Red Teaming