2526 Open source projects that are alternatives of or similar to Pentesting Bible

Rockyou for web fuzzing

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other Linux based systems. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based distributions.

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

🎯 SQL Injection Payload List

记录自己编写、修改的部分工具

An OSINT tool to gather information about the real owner of a phone number

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Automatically Launch Google Hacking Queries Against A Target Domain

A tool to fastly get all javascript sources/files

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

onex is a hacking tool installer and package manager for hackers. Onex is a library of all hacking tools for Termux and other Linux distributions. onex can install any third party tool or any hacking tool for you.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

🔎 Hunt down social media accounts by username across social networks

A passive subdomain finder

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Social media hunter

Enumerate information from NTLM authentication enabled web endpoints 🔎

Extracting URLs of a specific target based on the results of "commoncrawl.org"

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Next generation web scanner

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

Pentesting/Bugbounty Dockerfiles.

This Script will help you to gather information about your victim or friend.

Evildork targeting your fiancee👁️

The Most Powerful Fake Page Redirecting tool...

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Information gathering & website reconnaissance | https://phishstats.info/

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Complete Listing and Usage of Tools used for Ethical Hacking

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

🔎 Find usernames across social networks

平常看到好的渗透hacking工具和多领域效率工具的集合

Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.

This repository contains full code examples from the book Gray Hat C#

network reconnaissance toolkit

jSQL Injection is a Java application for automatic SQL database injection.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

OneForAll是一款功能强大的子域收集工具

linux post-exploitation framework made by linux user

Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Good info about DeepWeb and OSINT

Tool Information Gathering Write By Python.