1440 Open source projects that are alternatives of or similar to Pwn_jenkins

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Hacker101 CTF Writeup

Hacking tools

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

my oscp prep collection

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

Pop shells like a master.

Powerfull XSS Scanning and Parameter analysis tool&gem

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

200 TOOLS BY 0XID4FF0X FOR TERMUX

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

A curated list of awesome privilege escalation

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

Git All the Payloads! A collection of web attack payloads.

CTF竞赛权威指南

Automated Red Team Infrastructure deployement using Docker

DoS PoC's for SAP products

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Vagrant VirtualBox environment for conducting an internal network penetration test

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Free advanced and modern Windows botnet with a nice and secure PHP panel.

Quickly analyze and reverse engineer Android packages

The Web Application Hacker's Handbook - Extra Content

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Yet Another PHP Shell - The most complete PHP reverse shell

Misc. Public Reports of Penetration Testing and Security Audits.

Penetration Testing notes, resources and scripts

Apache Solr Injection Research

A collection of android Exploits and Hacks

Next generation web scanner

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

linux-kernel-exploits Linux平台提权漏洞集合

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

jSQL Injection is a Java application for automatic SQL database injection.

Automatically Launch Google Hacking Queries Against A Target Domain

hack tools

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Ruby on Rails Phishing Framework

开源运维平台：面向中小型企业设计的轻量级无Agent的自动化运维平台，整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。

Vulnerability Dashboard