2223 Open source projects that are alternatives of or similar to Resources

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

OSINT Tool: Generate username lists for companies on LinkedIn

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Hawkeye filesystem analysis tool

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Find cloud assets that no one wants exposed 🔎 ☁️

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Gorsair hacks its way into remote docker containers that expose their APIs

A tool to fastly get all javascript sources/files

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Rockyou for web fuzzing

🎯 Command Injection Payload List

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Ruby on Rails Phishing Framework

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A web front-end for password cracking and analytics

Vagrant VirtualBox environment for conducting an internal network penetration test

Pentest: Subdomains enumeration tool for penetration testers.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

被动式漏洞扫描系统

Web Application Security Scanner Framework

A static analysis security vulnerability scanner for Ruby on Rails applications

PHP Security Check List [ EN ] 🌋 ☣️

Yet Another PHP Shell - The most complete PHP reverse shell

A Tool for Domain Flyovers

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Hetty is an HTTP toolkit for security research.

Open-Source Security Architecture | 开源安全架构

🎯 XML External Entity (XXE) Injection Payload List

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

network reconnaissance toolkit

OSINT

Exploit Pack -The next generation exploit framework

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

A default credential scanner.

Pentest Report Generator

🤖 The Modern Port Scanner 🤖

Extract endpoints from APK files

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Intelligence tool but without API key

Penetration Testing notes, resources and scripts

A tool to test security of json web token

Custom memory allocator that helps discover reads from uninitialized memory

My personal bug bounty toolkit.

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Attack Surface Management Platform | Sn1perSecurity LLC