544 Open source projects that are alternatives of or similar to Resource_files

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

Venom - A Multi-hop Proxy for Penetration Testers

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

The Collective. A repo for a collection of red-team projects found mostly on Github.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

A set of recipes useful in pentesting and red teaming scenarios

fireELF - Fileless Linux Malware Framework

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Tactics, Techniques, and Procedures

Awesome cloud enumerator

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Open source pre-operation C2 server based on python and powershell

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Red Teaming Tactics and Techniques

DeepSea Phishing Gear

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Passwords Recovery Tool

备考 OSCP 的各种干货资料/渗透测试干货资料

OSINT

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

mXtract - Memory Extractor & Analyzer

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

This repository contains full code examples from the book Gray Hat C#

🚀 Fast Port Scanner 🚀

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

👻Impost3r -- A linux password thief

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Automation for internal Windows Penetrationtest / AD-Security

The goal of this repository is to document the most common techniques to bypass AppLocker.

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Our OSCP repo: from popping shells to mental health.

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Fast browser-based network discovery module

Python3 script to parse txt files containing Mimikatz output

Reverse Shell as a Service

🔪 Leak git repositories from misconfigured websites

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Responsive Command and Control System

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

红队作战中比较常遇到的一些重点系统漏洞整理。

BlackRAT - Java Based Remote Administrator Tool

The iOS Security Testing Framework