1532 Open source projects that are alternatives of or similar to Pentesting

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

gtfo, now with the speed of golang

Scan for and exploit Consul agents

useful pentest note

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

Simple script that utilities discord's flaw in detecting who blocked who.

Security challenges and CTFs created by the Penultimate team.

Python AV Evasion Tools

Swiftly search FDNS datasets from Rapid7 Open Data

A complete Grabber, sending data to a TCP server that you have to host and stocking all in a database.

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

Para pencari bug / celah kemanan bisa bergabung.

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

No description or website provided.

vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.

Self defense post module for metasploit

Burp Commander written in Go

Custom security distro for remote penetration testing

Collection of several DDos tools.

A collection of useful links for Pentesters

CRAX: software CRash analysis for Automatic eXploit generation

Malicious use of macho, such as dump-runtime-macho, function-hook.

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar

A minimalist re-implementation of the Fusée Gelée exploit (http://memecpy.com), designed to run on embedded Linux devices. (Zero dependencies)

scripts to setup pentesting system and use during pentest

Basic tool to automate backdooring PE files

HTTP fuzzer engine security oriented

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

RFMap - Radio Frequency Mapper

Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

No description or website provided.

Host Header Injection Checker

My python3 implementation of a Forward Shell

POC de uma aplicação de domínio financeiro.

Pools organized for Epitech's students in 2021.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.

Scan installed EDRs and AVs on Windows

Http request smuggling vulnerability scanner

Intentionally vulnerable Android application.

An efficient multi-threaded DNS resolver validator

A Ruby micro-framework for writing and running exploits

Creates a Simulation of Fake Web Events

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

Kubernetes Scanner

Unleash the power of cloud

Tenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

A curated list of security resources for a Ruby on Rails application

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

Mass querying whois records

Running nuclei Continuously

A support library for Ronin. Like activesupport, but for hacking!

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities