2825 Open source projects that are alternatives of or similar to Pythem

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Go Web Application Penetration Test

Hacker101 CTF Writeup

A fast DOM based XSS vulnerability scanner with simplicity.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

An interactive multi-user web JS shell

OSINT

SSL and TLS protocol test suite and fuzzer

Information Gathering tool for a Website or IP address

swiss army knife for hackers

A Python Tool For google Hacking

network reconnaissance toolkit

Web application vulnerability scanner

WEB SERVICE SECURITY ASSESSMENT TOOL

Get PROXY List that gets updated everyday

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

linux-kernel-exploits Linux平台提权漏洞集合

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

hacker, ready for more of our story ! 🚀

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Pentest Report Generator

Tool for port forwarding & intranet proxy

A curated list of awesome privilege escalation

BitTorrent P2P multi-platform search engine for Desktop and Web servers with integrated torrent client.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

The Web Application Hacker's Handbook - Extra Content

Automatically Launch Google Hacking Queries Against A Target Domain

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Apache Solr Injection Research

Quickly analyze and reverse engineer Android packages

Penetration Testing notes, resources and scripts

Useful tools and scripts during Penetration Testing engagements

hydra

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Auto Scanning to SSL Vulnerability

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Socks proxy, and reverse socks server using powershell.

Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.

Automatically brute force all services running on a target.

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

The New Hacking Framework

Automated Red Team Infrastructure deployement using Docker

OWASP WEB Directory Scanner

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

OWASP Joomla Vulnerability Scanner Project

windows-kernel-exploits Windows平台提权漏洞集合

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

Ruby on Rails Phishing Framework

Generate unicode evil domains for IDN Homograph Attack and detect them.

hack tools

Mass scan IPs for vulnerable services

Secure multithreaded packet sniffer