1532 Open source projects that are alternatives of or similar to Pentesting

汽车/安卓/固件/代码安全测试工具集

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

rsGen is a Reverse Shell Payload Generator for hacking.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

This powershell script has got to run in remote hacked windows host, even for pivoting

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Focus on cybersecurity | collection of PoC and Exploits

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

A fast DOM based XSS vulnerability scanner with simplicity.

An automated approach to performing recon for bug bounty hunting and penetration testing.

Automated Red Team Infrastructure deployement using Docker

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Tool for catching and logging different types of requests.

Find exploits in local and online databases instantly

Little Bug Bounty & Hacking Tools⚔️

The essential toolkit for reversing, malware analysis, and cracking

goverview - Get an overview of the list of URLs

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Subdomain Takeover tool written in Go

🎯 XML External Entity (XXE) Injection Payload List

The fastest dork scanner written in Go.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A curated list of awesome infosec courses and training resources.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

OSINT Swiss Army Knife

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Hershell is a simple TCP reverse shell written in Go.

Information Security Library

CVE-2020-11651: Proof of Concept

Web path scanner

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Awesome Node.js Security resources

A collection of response templates for invalid bug bounty reports.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

A static analysis security vulnerability scanner for Ruby on Rails applications

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Some good resources for getting started with application security

Unsigned code loader for Exynos BootROM

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

CVE-2021-43798:Grafana 任意文件读取漏洞

IoT固件漏洞挖掘工具

Python script to decrypt passwords stored by mRemoteNG

Vulnerable software and exploits used for OSCP/OSCE preparation

CVE-2020-0796 Pre-Auth POC

An introduction to security for developers.

VOIP Security Audit Framework

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Vagrant As Automation Script

Reconness Agents Script

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/