295 Open source projects that are alternatives of or similar to Pentest_dic

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Automate Pentest Tool

ODAT: Oracle Database Attacking Tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

hydra

Browser's XSS Filter Bypass Cheat Sheet

The best and easiest way to decode and repack AWVS scripts. AWVS 最好、最简单、最新的解码/再打包方法，仅15行代码！

☠️ The Pathwar Project ☠️

Fast directory scanning and scraping tool

Notes about attacking Jenkins servers

Penetration Testing notes, resources and scripts

cve-2019-0604 SharePoint RCE exploit

Hershell is a simple TCP reverse shell written in Go.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Automatically Launch Google Hacking Queries Against A Target Domain

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

The Web Application Hacker's Handbook - Extra Content

jSQL Injection is a Java application for automatic SQL database injection.

Pentest Report Generator

Script collection to bypass Network Access Control (NAC, 802.1x)

Tool for port forwarding & intranet proxy

A curated list of awesome OSCP resources

OSINT Swiss Army Knife

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

linux-kernel-exploits Linux平台提权漏洞集合

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

用于记录内网渗透(域渗透)学习 :-)

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

A Golang implant that uses Slack as a command and control server

A list of resources for those interested in getting started in bug bounties

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

pentest framework

🔨 Manage your website via terminal

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A collection of various GitHub gists for hackers, pentesters and security researchers

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Extract subdomains from SSL certificates in HTTPS sites.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

cobaltstrike ms17-010 module and some other

Hacking Toolkit

Hacker101 CTF Writeup

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

MSDAT: Microsoft SQL Database Attacking Tool

A fast, simple, recursive content discovery tool written in Rust.

Penetration tests guide based on OWASP including test cases, resources and examples.

Pop shells like a master.

Find exploits in local and online databases instantly

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

windows-kernel-exploits Windows平台提权漏洞集合