1114 Open source projects that are alternatives of or similar to Red Teaming Toolkit

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Directory/File, DNS and VHost busting tool written in Go

ParadoxiaRat : Native Windows Remote access Tool.

Tool to check for dependency confusion vulnerabilities in multiple package management systems

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

A concise, directive, specific, flexible, and free incident response plan template

A list of web application security

🔑 Hash type identifier (CLI & lib)

sub domain wild card filtering tool

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.

Framework for building Windows malware, written in C++

This document proposes a way of standardising the structure, language, and grammar used in security policies.

A collection of resources I'm using while working toward the OSCP

A tool to automate penetration tests

NetCat for Windows

A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Python Tutorial - || Advanced Keylogger || Code Walk-through || Hacking/Info-Sec ||

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Aggressor scripts for use with Cobalt Strike 3.0+

retrive metadata endpoint data with these one liners.

Steganography brute-force utility to uncover hidden data inside files

Personal CTF Toolkit

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

DDTTX Tabletop Trainings

平常看到好的渗透hacking工具和多领域效率工具的集合

An integrated tool and a collection of snippets which helps in the various aspects of the terminal.

TESLA PowerWall 2 Security Shenanigans

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware

Apache Solr Injection Research

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Astra is a tool to find URLs and secrets inside a webpage/files

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Octopus - Network Scan/Infos & Web Scan

A fast DOM based XSS vulnerability scanner with simplicity.

👁 (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]

Totally Insecure Web Application Project (TIWAP)

Community modules for FAME

The SpecterOps project management and reporting engine

Impersonating JA3 signatures

goverview - Get an overview of the list of URLs

An introduction to security for developers.

Web Pentesting Fuzz 字典,一个就够了。

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Little Bug Bounty & Hacking Tools⚔️

Bloodhound for Blue and Purple Teams

A Golang implant that uses Slack as a command and control server

A list of interesting payloads, tips and tricks for bug bounty hunters.

Security challenges and CTFs created by the Penultimate team.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found