556 Open source projects that are alternatives of or similar to Privesccheck

Hacking Toolkit

Yet Another PHP Shell - The most complete PHP reverse shell

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Linux enumeration tool for pentesting and CTFs with verbosity levels

Set of tools to audit SIP based VoIP Systems

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

hydra

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

ODAT: Oracle Database Attacking Tool

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

A curated list of awesome OSCP resources

A web front-end for password cracking and analytics

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Interactive Network Scanner

🔨 A modern multiple reverse shell sessions manager wrote in go

Automate Pentest Tool

Find exploit tool

Advanced Web Shell

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

online port scan scraper

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

C2/post-exploitation framework

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Linux privilege escalation exploit via snapd (CVE-2019-7304)

DNS Sub-domain brute forcer, in Python + gevent

无状态子域名爆破工具

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

OSINT Tool: Generate username lists for companies on LinkedIn

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

A swiss army knife for pentesting networks

WeirdAAL (AWS Attack Library)

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

mXtract - Memory Extractor & Analyzer

Notes for taking the OSCP in 2097. Read in book form on GitBook

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

被动式漏洞扫描系统

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

红队综合渗透框架

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

All MITM attacks in one place.

Fast directory scanning and scraping tool

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Directory/File, DNS and VHost busting tool written in Go