831 Open source projects that are alternatives of or similar to pentesting-dockerfiles

Fully automated offensive security framework for reconnaissance and vulnerability scanning

🔺 Red Team Hardware Toolkit 🔺

Web path scanner

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Awesome cloud enumerator

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Set of tools to audit SIP based VoIP Systems

Yet Another PHP Shell - The most complete PHP reverse shell

Open Redirect scanner - (out of date)

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

A Tool for Domain Flyovers

XSS'OR - Hack with JavaScript.

OneForAll是一款功能强大的子域收集工具

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

记录自己编写、修改的部分工具

Automated NoSQL database enumeration and web application exploitation tool.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Credentials Checking Framework

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

XSHOCK Shellshock Exploit

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Nmap and NSE command line wrapper in the style of Metasploit

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

BugBounty Tool

A high performance offensive security tool for reconnaissance and vulnerability scanning

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

OSINT

平常看到好的渗透hacking工具和多领域效率工具的集合

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Little Bug Bounty & Hacking Tools⚔️

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

redteam.wiki

Wireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

Your Google Recon is Now Automated

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

🌒 Shell command obfuscation to avoid detection systems

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

It's a Docker Environment for pentesting which having all the required tool for VAPT.