1402 Open source projects that are alternatives of or similar to Resources For Beginner Bug Bounty Hunters

Collection of quality safety articles. Awesome articles.

Source code for Hacker101.com - a free online web and mobile security class.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

pentest framework

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A Deliberately Insecure Web Application

Git All the Payloads! A collection of web attack payloads.

Pentest: Subdomains enumeration tool for penetration testers.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Powerfull XSS Scanning and Parameter analysis tool&gem

Open-source vulnerability disclosure and bug bounty program database.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Nuclei Templates to reproduce Cracking the lens's Research

Install And Use Kali Linux With Gui In Termux

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Hacking Toolkit

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

My thorough introduction to Vim

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Next generation web scanner

Hacker101 CTF Writeup

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

A list of web application security

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Web path scanner

Clear all your logs in [linux/windows] servers 🛡️

Vagrant VirtualBox environment for conducting an internal network penetration test

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Modified Nuclei Templates Version to FUZZ Host Header

A Tool for Domain Flyovers

Related subdomains finder

Free advanced and modern Windows botnet with a nice and secure PHP panel.

Web Application Security Scanner Framework

🎯 PHP / ASP - Shell Backdoor List 🎯

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

平常看到好的渗透hacking工具和多领域效率工具的集合

A fast DOM based XSS vulnerability scanner with simplicity.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Quickly analyze and reverse engineer Android packages

Web application vulnerability scanner

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

A curated list of awesome privilege escalation

Personal CTF Toolkit

Apache Solr Injection Research

Penetration Testing notes, resources and scripts

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Automatically Launch Google Hacking Queries Against A Target Domain

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.