1015 Open source projects that are alternatives of or similar to Pwncat

Bifrost C2. Open-source post-exploitation using Discord API

Kali Live Build Scripts

Argus Advanced Remote & Local Keylogger For macOS and Windows

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Common Web Managers Fuzz Wordlists

🌒 Shell command obfuscation to avoid detection systems

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Overlord - Red Teaming Infrastructure Automation

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Command line tool that allows you to explore IoT devices by using Shodan API.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🔨 A modern multiple reverse shell sessions manager wrote in go

Selenium powered Python script to automate searching for vulnerable web apps.

Automate Pentest Tool

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Awesome cloud enumerator

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🙃 Reverse Shell Cheat Sheet 🙃

Hacker101 CTF Writeup

C2/post-exploitation framework

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Gorsair hacks its way into remote docker containers that expose their APIs

The Last Web Recon Tool You'll Need

Tool Information Gathering Write By Python.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

🔑 Hash type identifier (CLI & lib)

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A REST API security testing framework.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A curated list of awesome infosec courses and training resources.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

👻Impost3r -- A linux password thief

OSINT Tool: Generate username lists for companies on LinkedIn

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

network reconnaissance toolkit

Python3 tool to perform password spraying using RDP

👻Stowaway -- Multi-hop Proxy Tool for pentesters

A Golang implant that uses Slack as a command and control server

Idiomatic nmap library for go developers

Steganography brute-force utility to uncover hidden data inside files

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Ruby on Rails Phishing Framework

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

A curated list of awesome privilege escalation

A fast DOM based XSS vulnerability scanner with simplicity.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Pentest Report Generator