593 Open source projects that are alternatives of or similar to Sessiongopher

Empire HTTP(S) C2 redirector setup script

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Linux Rootkits (4.x Kernel)

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

The Shadow Attack Framework

🔨 A modern multiple reverse shell sessions manager wrote in go

A collection of useful scripts for Cobalt Strike

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Fast browser-based network discovery module

Python 3.5+ DNS asynchronous brute force utility

🔪 Leak git repositories from misconfigured websites

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Go-deliver is a payload delivery tool coded in Go.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

The Collective. A repo for a collection of red-team projects found mostly on Github.

The all-in-one Red Team extension for Web Pentester 🛠

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

This repo will contain some basic pentest/RT commands.

A bash script for recon and DOS attacks

Wiki to collect Red Team infrastructure hardening resources

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

DNS Rebinding Exploitation Framework

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Ruby on Rails Phishing Framework

Dragonfly is an intelligent P2P based image and file distribution system.

Interactive Network Scanner

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

被动式漏洞扫描系统

Hacking Toolkit

Scripts for easy manipulation of docker-registry from command line (and from scripts)

第一个完整的react-native项目。包括服务端和移动端两部分。服务端使用express+bootstrap进行搭建，主要功能有登录、退出、模块选择、查看、修改、删除、分页等后台管理的基本功能；移动端主要用到组件View、Text、Image、ScrollView、ListView等常用的组件，也使用了第三方的地图服务(高德地图)，作为初学者。是一个很好的学习案例。

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

The toolkit to pack, ship, store, and deliver container content

A Powerful Subdomain Takeover Tool

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

A web front-end for password cracking and analytics

Node.js Application Configuration

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Exploit Pack -The next generation exploit framework

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Advanced Web Shell

Receive notifications when an image is updated on a Docker registry

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

Web Content Discovery Tool

C2/post-exploitation framework

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架