822 Open source projects that are alternatives of or similar to Platypus

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

The all-in-one Red Team extension for Web Pentester 🛠

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Monitor linux processes without root permissions

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️

A backdoor with a multitude of features.

Yet Another PHP Shell - The most complete PHP reverse shell

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Venom - A Multi-hop Proxy for Penetration Testers

👻Stowaway -- Multi-hop Proxy Tool for pentesters

A tool to test security of json web token

[POC] Asynchronous reverse shell using the HTTP protocol.

Go-deliver is a payload delivery tool coded in Go.

Penelope Shell Handler

Collection Of Reverse Shell that can easily generate using Python3

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Linux Rootkits (4.x Kernel)

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Micro-framework for rapid development of reusable security tools

Fast browser-based network discovery module

Empire HTTP(S) C2 redirector setup script

The Collective. A repo for a collection of red-team projects found mostly on Github.

🔪 Leak git repositories from misconfigured websites

Reverse Shell as a Service

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A collection of useful scripts for Cobalt Strike

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

An evil RAT (Remote Administration Tool) for macOS / OS X.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

备考 OSCP 的各种干货资料/渗透测试干货资料

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

A tool for generating reverse shell payloads on the fly.

Wiki to collect Red Team infrastructure hardening resources

GoRAT (Go Remote Access Tool) is an extremely powerful reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Functions that can be used to gain Reverse Shells with PowerShell

🦄🔒 Awesome list of secrets in environment variables 🖥️

A framework for Backdoor development!

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

DNS Rebinding Exploitation Framework

A bash script for recon and DOS attacks

Python 3.5+ DNS asynchronous brute force utility

This repo will contain some basic pentest/RT commands.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Steganography brute-force utility to uncover hidden data inside files

A curated list of awesome privilege escalation