315 Open source projects that are alternatives of or similar to Pentest

Automatic SSRF fuzzer and exploitation tool

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

自己收集整理自用的字典

Burp extension to passively scan for applications revealing software version numbers

Open source all-in-one CLI tool to semi-automate pentesting.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

Chef repository for pentesting tools

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

CVE-2016-8610 (SSL Death Alert) PoC

cve-2019-0604 SharePoint RCE exploit

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Vulnerability Dashboard

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Set of tools to audit SIP based VoIP Systems

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Pop shells like a master.

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

A tool to test security of json web token

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Burp Bounty profiles compilation, feel free to contribute!

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Wavestone's web interface for password cracking with hashcat

Hacking Toolkit

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

MSDAT: Microsoft SQL Database Attacking Tool

Bruteforce HTTP Authentication

Generate Gmail Emailing Keyloggers to Windows.

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

OWASP WEB Directory Scanner

A Cloudflare resolver that works

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

Find exploits in local and online databases instantly

Automate Pentest Tool

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

hydra

The ultimate WinRM shell for hacking/pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

RFD Checker - security CLI tool to test Reflected File Download issues

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Collection of quality safety articles. Awesome articles.

Attack Surface Management Platform | Sn1perSecurity LLC

nray distributed port scanner

Hershell is a simple TCP reverse shell written in Go.

Webshell Manager

pentest framework

This challenge is Inon Shkedy's 31 days API Security Tips.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Docker images for infosec tools

Username enumeration and password spraying tool aimed at Microsoft O365.