2472 Open source projects that are alternatives of or similar to Security Tools

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

It's a simple tool for test vulnerability shellshock

my oscp prep collection

📡 A python program to create a fake AP and sniff data.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Writeups for infosec Capture the Flag events by team Galaxians

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Repositório com conteúdo sobre web hacking em português

A high performance offensive security tool for reconnaissance and vulnerability scanning

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

swiss army knife for hackers

Web application vulnerability scanner

A curated list of awesome privilege escalation

Rockyou for web fuzzing

Advanced and easy to use penetration testing framework 💣🔎

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

WEB SERVICE SECURITY ASSESSMENT TOOL

Awesome .NET Security Resources

Awesome Java Security Resources 🕶☕🔐

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Idiomatic nmap library for go developers

🔑 Hash type identifier (CLI & lib)

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A tool to fastly get all javascript sources/files

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

A permutation generation tool written in golang

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Awesome Python Security resources 🕶🐍🔐

Extract endpoints from APK files

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Related subdomains finder

Yet Another PHP Shell - The most complete PHP reverse shell

A Tool for Domain Flyovers

A python tool to check subdomain takeover vulnerability

🤖 The Modern Port Scanner 🤖

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Set of tools to audit SIP based VoIP Systems

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

OSINT