295 Open source projects that are alternatives of or similar to Runascs

Phishing Tool & Information Collector

A fast, simple, recursive content discovery tool written in Rust.

some pentest scripts & tools by [email protected]

Penetration tests guide based on OWASP including test cases, resources and examples.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Awesome Node.js Security resources

Wavestone's web interface for password cracking with hashcat

Pop shells like a master.

A Phishing Dropper designed to Pentest.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Burp Bounty profiles compilation, feel free to contribute!

Vagrant VirtualBox environment for conducting an internal network penetration test

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

The ultimate WinRM shell for hacking/pentesting

Find exploits in local and online databases instantly

Intelligence and Reconnaissance Package/Bundle installer.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Open source all-in-one CLI tool to semi-automate pentesting.

RFD Checker - security CLI tool to test Reflected File Download issues

Collection of the cheat sheets useful for pentesting

Simple Karma Attack

A tool to test security of json web token

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

🔐 Docker Container for Penetration Testing & Security

This challenge is Inon Shkedy's 31 days API Security Tips.

A Cloudflare resolver that works

Burp Suite extension to passively scan for applications revealing server error messages

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

nray distributed port scanner

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Burp extension to passively scan for applications revealing software version numbers

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Implement WSUSpendu attack

Chef repository for pentesting tools

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

CVE-2016-8610 (SSL Death Alert) PoC

Passwords Recovery Tool

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Set of tools to audit SIP based VoIP Systems

Vulnerability Dashboard

A list of useful payloads for Web Application Security and Pentest/CTF

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

XSS'OR - Hack with JavaScript.

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Bruteforce HTTP Authentication

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Search Exploitable Software on Linux

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

Modern alternative to dirbuster/dirb

Inject malicious code into *.debs

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest

Webshell Manager