1066 Open source projects that are alternatives of or similar to reconmap

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

This document proposes a way of standardising the structure, language, and grammar used in security policies.

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Generates malicious LNK file payloads for data exfiltration

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

Deep Security's APIs make it simple to integration with a variety of AWS Services

Git folder digger, I'm sure it's worthwhile stuff.

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

PHP - Automatically add an "index.php" in all directories recursively

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

Host Header Injection Scanner

Tools used for Penetration testing / Red Teaming

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

DDTTX Tabletop Trainings

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Automated Web Recon Shell Scripts

Python Tutorial - || Advanced Keylogger || Code Walk-through || Hacking/Info-Sec ||

Information Security Library

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

Additional Resources For Securing The Stack Tutorials

Linux Privilege Escalation Tool By WazeHell

Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities

备考 OSCP 的各种干货资料/渗透测试干货资料

Astra is a tool to find URLs and secrets inside a webpage/files

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

goverview - Get an overview of the list of URLs

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Automated script to run all modules for a specified list of domains, netblocks or company name

Penetration Testing Notes and Playbook (PTP)

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

GoPhish Templates that I have retired and/or templates I've recreated.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Nozzlr is a bruteforce framework, trully modular and script-friendly

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

pentest toolbox

Python script wrote to automate the process of generating various reverse shells.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Automated Pentest Tools Designed For Parrot Linux

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

🤖 Run a Mayhem for API scan in GitHub Actions

Automated NoSQL database enumeration and web application exploitation tool.

Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

My personal bug bounty toolkit.

Turn your VPS into an attack box

Scan secrets from Continuous Integration Build Logs

Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning

Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.