175 Open source projects that are alternatives of or similar to Perfusion

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

wifi attacks suite

A minimalist command line knowledge base manager

This tool was created as a Proof of Concept to reveal the threats related to web service misconfiguration using CloudFlare as reverse proxy and WAF

Multi source CVE/exploit parser.

Yet Another PHP Shell - The most complete PHP reverse shell

整理一些内网常用渗透小工具

Dumain Bruteforcer - a fast and flexible domain bruteforcer

Tool to communicate with RPC services and check misconfigurations on NFS shares

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

./kumasia php simple backdoor

🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers

Open Redirect scanner - (out of date)

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Nmap and NSE command line wrapper in the style of Metasploit

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

generates weak passwords based on current date

集漏洞验证和任务运行的一个框架

an easy pentesting tool.

A tool for fuzzing for ports that allow outgoing connections

红/蓝队环境自动化部署工具

🚀 Takes minutes to explore the topology of all routable /24 prefixes in IPv4 address space. Now supports IPv6 scan!

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Pentesting/Bugbounty Dockerfiles.

Go library for credentials recovery

Web Recon & Exploitation Tool.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Automated Pentest Tools Designed For Parrot Linux

Overlord - Red Teaming Infrastructure Automation

Python Script to help/automate the WiFi hacking exercises.

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

A tool for generating reverse shell payloads on the fly.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

Quick SQL Scanner, Dorker, Webshell injector PHP

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Rustcat(rcat) - The modern Port listener and Reverse shell

Subdomain enumeration through various techniques

Credentials Checking Framework

It's a Docker Environment for pentesting which having all the required tool for VAPT.

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Multi OTP Spam Amp/Paralell threads

The LAZY script will make your life easier, and of course faster.

Bifrost C2. Open-source post-exploitation using Discord API

The main SamuraiWTF collaborative distro repo.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

🔥 A high-performant UDP load generator, written in Rust

🌒 Shell command obfuscation to avoid detection systems

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Awesome cloud enumerator

A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based interface using WiFi in AP or Client mode. Will work with nearly all devices that contain a standard 5V Wiegand interface. Primary target group is 26-37bit HID Cards. Similar to the Tastic RFID Thief, Blekey, and ESPKey.

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

This powershell script has got to run in remote hacked windows host, even for pivoting

🔑 Hash type identifier (CLI & lib)