2223 Open source projects that are alternatives of or similar to Resources

Open-Source Security Architecture | 开源安全架构

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Yet Another PHP Shell - The most complete PHP reverse shell

Web Application Security Scanner Framework

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

🎯 XML External Entity (XXE) Injection Payload List

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

OSINT

A default credential scanner.

Pentest: Subdomains enumeration tool for penetration testers.

Hetty is an HTTP toolkit for security research.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Identify vulnerabilities in running containers, images, hosts and repositories

My own OSCP guide

Python 3.5+ DNS asynchronous brute force utility

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

Security Tool to Look For Interesting Files in S3 Buckets

A Python Tool For google Hacking

一键提取安卓应用中可能存在的敏感信息。

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

An advanced tool for email reconnaissance

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Steganography brute-force utility to uncover hidden data inside files

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Sifter aims to be a fully loaded Op Centre for Pentesters

Tracking CVEs for the linux Kernel

a tool to analyze filesystem images for security

hacker, ready for more of our story ! 🚀

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Dump exposed HTTP .git fast

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Quickly analyze and reverse engineer Android packages

DeimosC2 is a Golang command and control framework for post-exploitation.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

It's a simple tool for test vulnerability shellshock

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

An HTTP/HTTPS intercept proxy written in Go.

DNS Rebinding Exploitation Framework

Automatically Launch Google Hacking Queries Against A Target Domain

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Fast web fuzzer written in Go

NetCat for Windows

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

Attack surface mapping

Drone pentesting framework console

👻Impost3r -- A linux password thief

A curated list of awesome privilege escalation

fireELF - Fileless Linux Malware Framework

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

mXtract - Memory Extractor & Analyzer

Notes for taking the OSCP in 2097. Read in book form on GitBook