1532 Open source projects that are alternatives of or similar to Pentesting

Common Web Managers Fuzz Wordlists

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

My exploitDB.

SSL and TLS protocol test suite and fuzzer

Dradis Framework: Colllaboration and reporting for IT Security teams

A static analysis security vulnerability scanner for Ruby on Rails applications

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Open-Source Security Architecture | 开源安全架构

Automatic SQL injection with Charles and sqlmap api

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

🎯 Server Side Template Injection Payloads

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Wordpress Vulnerability Scanner

Automated NoSQL database enumeration and web application exploitation tool.

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

Set of tools to audit SIP based VoIP Systems

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

A Blazing fast Security Auditing tool for Kubernetes

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

A collection of some of my scripts

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

🖖 Fast, modern, easy-to-use network scanner

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

all manner of wordlists

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

rsGen is a Reverse Shell Payload Generator for hacking.

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

PHP Security Check List [ EN ] 🌋 ☣️

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Extraction of iMessage Data via XSS

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Proof of concept of VMSA-2017-0012

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Multi source CVE/exploit parser.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

汽车/安卓/固件/代码安全测试工具集

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Focus on cybersecurity | collection of PoC and Exploits

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

The essential toolkit for reversing, malware analysis, and cracking

sub domain wild card filtering tool

CVE-2020-11651: Proof of Concept

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Information Security Library

Some good resources for getting started with application security

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

GZip HTTP Bombing in Python for everyone

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

DoS PoC's for SAP products

Unsigned code loader for Exynos BootROM

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations