530 Open source projects that are alternatives of or similar to Shellab

File upload vulnerability scanner and exploitation tool.

Notes for taking the OSCP in 2097. Read in book form on GitBook

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

mXtract - Memory Extractor & Analyzer

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Automation for internal Windows Penetrationtest / AD-Security

fully automated pentesting tool

Automated All-in-One OS Command Injection Exploitation Tool.

fireELF - Fileless Linux Malware Framework

Sifter aims to be a fully loaded Op Centre for Pentesters

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Responsive Command and Control System

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Automatic SQL injection and database takeover tool

Exploit Pack -The next generation exploit framework

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Exploit for CVE-2019-9810 Firefox on Windows 64-bit.

Phishing Tool & Information Collector

Evaluate the security of S3 buckets

Generates malicious LNK file payloads for data exfiltration

CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

The all-in-one Red Team extension for Web Pentester 🛠

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Hawkeye filesystem analysis tool

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

A simple wrapper for C# tools

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.

Code from Blackhat Python book

Intelligence and Reconnaissance Package/Bundle installer.

Enumerate and decrypt TeamViewer credentials from Windows registry

A backdoor with a multitude of features.

Burp Suite extension to discover assets from HTTP response.

An automated e-mail OSINT tool

[POC] Asynchronous reverse shell using the HTTP protocol.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

A Virtual environment for Pentesting IoT Devices

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

retrieve information via O365 with a valid cred

Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

A unified console to perform the "kill chain" stages of attacks.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

🔐 Docker Container for Penetration Testing & Security

RubberDucky like payloads for DigiSpark Attiny85

Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.

A thorough library database to assist with binary exploitation tasks.