380 Open source projects that are alternatives of or similar to report-ng

Burp Bounty profiles compilation, feel free to contribute!

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

Utilities for creating Burp Suite Extensions.

Burp extension to passively scan for applications revealing software version numbers

Burp extension for automated handling of CSRF tokens

Burp Commander written in Go

Burp Suite Pro Loader & Keygen ( All version supported )

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…

Burp Extension that copies a request and builds a FFUF skeleton

Burp Suite extension to passively scan for applications revealing server error messages

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

Python script that converts Burp Suite HTTP proxy history files to CSV or HTML

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Vagrant VirtualBox environment for conducting an internal network penetration test

A list of useful payloads for Web Application Security and Pentest/CTF

HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

Modern alternative to dirbuster/dirb

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Collection of the cheat sheets useful for pentesting

Burp Suite Extension - Trigger actions and reshape HTTP request/response and WebSocket traffic using configurable rules

Implement WSUSpendu attack

Search Exploitable Software on Linux

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Simple socket-based gateway to the Burp Collaborator

Inject malicious code into *.debs

Phishing Tool & Information Collector

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

A simple Burp extension for scanning stuffs in CTF

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

A Phishing Dropper designed to Pentest.

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Intelligence and Reconnaissance Package/Bundle installer.

A stealthy Python based Windows backdoor that uses Github as a command and control server

The ONLY hacker friendly proxy for webapp pentests.

Vendor-Neutral Security Tool Automation Controller (over REST)

Generate Payloads and Control Remote Machines. [Discontinued]

CFURL Cache inspector for Burp Suite

A repository for scripting a mobile attack toolchain

🔐 Docker Container for Penetration Testing & Security

[unmaintained] Post-exploitation tool

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

Multiplatform payload dropper

TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info

Data leak checker & OSINT Tool

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Tool for catching and logging different types of requests.

Git All the Payloads! A collection of web attack payloads.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

A collection of pentest tools and resources targeting Hadoop environments

Passwords Recovery Tool

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Burp extension to decode NTLM SSP headers and extract domain/host information

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

XSS'OR - Hack with JavaScript.

generates weak passwords based on current date

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.