622 Open source projects that are alternatives of or similar to Routeros

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

PoC materials for article https://habr.com/en/post/486856/

Miscellaneous exploit code

DDOS Archive by RootSec (Scanners, BotNets (Mirai and QBot Premium & Normal and more), Exploits, Methods, Sniffers)

The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Exploitation Framework for Embedded Devices

Some personal exploits/pocs

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

hacker, ready for more of our story ! 🚀

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Vulners Python API wrapper

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

Blueborne CVE-2017-0785 Android information leak vulnerability

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

The web management platform of honeypot

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

Scan the MRZ code of a passport and extract the firstname, lastname, passport number, nationality, date of birth, expiration date and personal numer.

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter

Home of the dionaea honeypot

NodeJS Simple Network Scanner

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Angular (2+) QR code, Barcode, DataMatrix, scanner component using ZXing.

红队综合渗透框架

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Powerfull XSS Scanning and Parameter analysis tool&gem

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Vulnerability Patterns Detector for C# and VB.NET

织梦全版本漏洞扫描

Konan - Advanced Web Application Dir Scanner

A low to medium interaction honeypot.

分析文件目录，统计数据并以树形结构和图表的形式展示结果，也可以导出多种格式留存

EternalRocks worm

Sifter aims to be a fully loaded Op Centre for Pentesters

OWASP WEB Directory Scanner

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

an awesome list of honeypot resources

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

The fast scanner generator for Java™ with full Unicode support

自动漏洞扫描器，自动子域名爆破，自动爬取注入，调用sqlmapapi检测注入，端口扫描，目录爆破，子网段服务探测及其端口扫描，常用框架漏洞检测。 Automatic scanner, automatic sub domain blasting, automatic crawl injection, injection, call the sqlmapapi port scan detection, directory service detection and segment blasting, port scanning, vulnerability detection framework commonly used.

Decrypted content of eqgrp-auction-file.tar.xz

瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf

Code scanner library for Android, based on ZXing

Proofs-of-concept

Advisories, proof of concept files and exploits that have been made public by @pedrib.

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

poc or exp of android vulnerability

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

Auto Scanning to SSL Vulnerability