1363 Open source projects that are alternatives of or similar to Punk.py

C2/post-exploitation framework

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

network reconnaissance toolkit

Bifrost C2. Open-source post-exploitation using Discord API

备考 OSCP 的各种干货资料/渗透测试干货资料

Little tool made in python to create payloads for Linux, Windows and OSX with unique handler

Multi OTP Spam Amp/Paralell threads

SSH man-in-the-middle tool

Network Pivoting Toolkit

Sifter aims to be a fully loaded Op Centre for Pentesters

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Go library for credentials recovery

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Modular personalized dictionary generator.

A collection of resources I'm using while working toward the OSCP

Tool Information Gathering Write By Python.

A tool to automate penetration tests

Attack Surface Management Platform | Sn1perSecurity LLC

Subdomain enumeration through various techniques

Web path scanner

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

🆕 The Multi-Tool Web Vulnerability Scanner.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Opening the door, one reverse shell at a time

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Statically-linked ssh server with reverse shell functionality for CTFs and such

Yet Another PHP Shell - The most complete PHP reverse shell

Automated Pentest Tools Designed For Parrot Linux

A fast web directory/file enumeration tool written in Rust

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Exploits and Security Tools Framework 2.0.1

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Hacking Toolkit

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A curated list of awesome OSCP resources

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

hydra

Work in progress...

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Penetration Testing Platform

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Multi source CVE/exploit parser.

An XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Post-Exploitation Framework

The Collective. A repo for a collection of red-team projects found mostly on Github.