1011 Open source projects that are alternatives of or similar to Security Scripts

🔪 Leak git repositories from misconfigured websites

hydra

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Hashcat web interface

Find cloud assets that no one wants exposed 🔎 ☁️

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

A cross-platform note-taking & target-tracking app for penetration testers.

Gorsair hacks its way into remote docker containers that expose their APIs

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Command line tool that allows you to explore IoT devices by using Shodan API.

AWS Identity and Access Management Visualizer and Anomaly Finder

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A set of recipes useful in pentesting and red teaming scenarios

A Virtual environment for Pentesting IoT Devices

🤖 The Modern Port Scanner 🤖

Python 3.5+ DNS asynchronous brute force utility

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

👻Impost3r -- A linux password thief

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Steganography brute-force utility to uncover hidden data inside files

Generates malicious LNK file payloads for data exfiltration

🆕 The Multi-Tool Web Vulnerability Scanner.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

The Collective. A repo for a collection of red-team projects found mostly on Github.

Useful tools and scripts during Penetration Testing engagements

Penetration Testing notes, resources and scripts

OSINT Tool: Generate username lists for companies on LinkedIn

👻Stowaway -- Multi-hop Proxy Tool for pentesters

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Infection Monkey - An automated pentest tool

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

无状态子域名爆破工具

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Ruby on Rails Phishing Framework

Web path scanner

Dradis Framework: Colllaboration and reporting for IT Security teams

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A curated list of awesome OSCP resources

A default credential scanner.

Exploit Pack -The next generation exploit framework

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

fireELF - Fileless Linux Malware Framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Find web directories without bruteforce

Micro-framework for rapid development of reusable security tools