328 Open source projects that are alternatives of or similar to pitch

Leaked pentesting manuals given to Conti ransomware crooks

渗透测试☞经验/思路/总结/想法/笔记

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Notes Taken for HTB Machines & InfoSec Community.

Side-channel file transfer between independent VMs or processes executed on the same physical host.

Just another useless C2 occupying space in some HDD somewhere.

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

all manner of wordlists

Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS

A collection of some of my scripts

Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.

Backend logic implementation for Vulnerability Management System

The essential toolkit for reversing, malware analysis, and cracking

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Additional Resources For Securing The Stack Tutorials

A lockout aware password sprayer

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Personal security checklist for securing your devices and accounts.

A schema and set of tools for using SQL to query cloud infrastructure.

An intelligent React component to obfuscate any contact link!

A Blazing fast Security Auditing tool for Kubernetes

A simple remote tool in C#.

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

Monitoring GitHub for sensitive data shared publicly

InfoPath Phishing Repo Resource

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

You didn't think I'd go and leave the blue team out, right?

Red Teaming Tactics and Techniques

A memorial site for Hackers and Infosec people who have passed

🖖 Fast, modern, easy-to-use network scanner

Script to spider a website and find publicly open S3 buckets

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran.

Malware Sample Sources

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Turn your VPS into an attack box

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

One stop place for exploiting Jira instances in your proximity

NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)

Related subdomains finder

Dashboard to collect, analyze, and respond to reported phishing emails.

Multi-threaded Padding Oracle attacks against any service. Written in Rust.

KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

Multi source CVE/exploit parser.

Cameradar hacks its way into RTSP videosurveillance cameras

Information Security Library

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

TIGMINT: OSINT (Open Source Intelligence) GUI software framework

An OSINT tool to find contacts in order to report security vulnerabilities.

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

unix wildcard attacks

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.