2223 Open source projects that are alternatives of or similar to Resources

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Get GTFOBins info about a given exploit from the command line

A collection of resources I'm using while working toward the OSCP

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

a tool to analyze filesystem images for security

An advanced tool for email reconnaissance

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

RubberDucky like payloads for DigiSpark Attiny85

A collection of awesome security hardening guides, tools and other resources

List of every possible vulnerabilities in computer security.

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

A pentesting tool inspired by mr robot and derived by zphisher

🦄🔒 Awesome list of secrets in environment variables 🖥️

Infosec resource center for offensive and defensive security operations.

No description or website provided.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

A python tool to check subdomain takeover vulnerability

Scripts I use during pentest engagements.

Selenium powered Python script to automate searching for vulnerable web apps.

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Steganography brute-force utility to uncover hidden data inside files

Sifter aims to be a fully loaded Op Centre for Pentesters

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Free Security and Hacking eBooks

An automated target reconnaissance pipeline.

Dark Web OSINT Tool

Automatically brute force all services running on a target.

Simple Golang HTTPS/TLS Examples

secureCodeBox (SCB) - continuous secure delivery out of the box

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

This challenge is Inon Shkedy's 31 days API Security Tips.

hacker, ready for more of our story ! 🚀

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Semi-automatic OSINT framework and package manager

Hacker101 CTF Writeup

Damn Vulnerable Web Application (DVWA)

kube-scan: Octarine k8s cluster risk assessment tool

A curated list of awesome infosec courses and training resources.

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

A curated list of awesome privilege escalation

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

A curated list of awesome OSCP resources

Making Favicon.ico based Recon Great again !

Web Scan Lazy Tools - Python Package

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

DNS Rebinding Exploitation Framework

A collection of response templates for invalid bug bounty reports.