544 Open source projects that are alternatives of or similar to Resource_files

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File

Find web directories without bruteforce

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

A repo with information about security of Ethereum Smart Contracts

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

Reproducible and extensible BloodHound playbooks

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Fast browser-based network discovery module

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Python3 script to parse txt files containing Mimikatz output

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

CVE-2016-8610 (SSL Death Alert) PoC

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS

This is the list of all rootkits found so far on github and other sites.

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Responsive Command and Control System

Semi-automatic OSINT framework and package manager

The iOS Security Testing Framework

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

红队作战中比较常遇到的一些重点系统漏洞整理。

BlackRAT - Java Based Remote Administrator Tool

Utilities for MITRE™ ATT&CK

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

A curated list of awesome OSCP resources

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Interactive Network Scanner

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

An extensible application for penetration testers and software developers to decode/encode data into various formats.

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

记录自己编写、修改的部分工具

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Script collection to bypass Network Access Control (NAC, 802.1x)

Browse and search through nmap's NSE scripts.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

被动式漏洞扫描系统

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Micro-framework for rapid development of reusable security tools