578 Open source projects that are alternatives of or similar to Pentest

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

The Collective. A repo for a collection of red-team projects found mostly on Github.

The LAZY script will make your life easier, and of course faster.

A fully automatic wifi deauther coded in Python

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

📡 A python program to create a fake AP and sniff data.

Opening the door, one reverse shell at a time

A curated list of awesome OSCP resources

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

This Script will help you to gather information about your victim or friend.

Red Teaming Tactics and Techniques

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Information Security Library

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

network reconnaissance toolkit

My own OSCP guide

🆕 The Multi-Tool Web Vulnerability Scanner.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A high performance offensive security tool for reconnaissance and vulnerability scanning

swiss army knife for hackers

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Next generation web scanner

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

My OSCP journey

jSQL Injection is a Java application for automatic SQL database injection.

Code from my old page ge.mine.nu

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

A Hashcat wrapper for distributed hashcracking

A tool for integrating the Metasploit payload with Android's healthy programs and bypassing antivirus

Single-file PHP shell

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

A repo with information about security of Ethereum Smart Contracts

Semi-automatic OSINT framework and package manager

MSFvenom Payload Creator (MSFPC)

A .NET Standard library for pentesting web apps against credential stuffing attacks.

A simple keylogger for Windows, Linux and Mac

Dump exposed HTTP .git fast

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Interactive Network Scanner

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

DNS Sub-domain brute forcer, in Python + gevent

online port scan scraper

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Privilege Escalation Enumeration Script for Windows

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.