1012 Open source projects that are alternatives of or similar to Portia

Everything needed for doing CTFs

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Tool Information Gathering Write By Python.

Sifter aims to be a fully loaded Op Centre for Pentesters

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Quickly analyze and reverse engineer Android packages

A Golang implant that uses Slack as a command and control server

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Automatically Launch Google Hacking Queries Against A Target Domain

A tool to test security of json web token

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

🔪 Leak git repositories from misconfigured websites

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Pop shells like a master.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Powerfull XSS Scanning and Parameter analysis tool&gem

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

cve-2019-0604 SharePoint RCE exploit

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Web path scanner

scan for NTLM directories

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A list of resources for those interested in getting started in bug bounties

jSQL Injection is a Java application for automatic SQL database injection.

Scripts I use during pentest engagements.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

The ultimate WinRM shell for hacking/pentesting

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Burp extension to passively scan for applications revealing software version numbers

Notes about attacking Jenkins servers

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Simple Karma Attack

Content for hackingthe.cloud

Burp Bounty profiles compilation, feel free to contribute!

my oscp prep collection

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

SSH man-in-the-middle tool

Fast Modular Web Interfaces Bruteforcer

Fully automated offensive security framework for reconnaissance and vulnerability scanning

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Penetration tests guide based on OWASP including test cases, resources and examples.

Collection of quality safety articles. Awesome articles.