1010 Open source projects that are alternatives of or similar to Sherlock

Web application vulnerability scanner

Functions that can be used to gain Reverse Shells with PowerShell

Automated Adversary Emulation Platform

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Just another useless C2 occupying space in some HDD somewhere.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Monitoring GitHub for sensitive data shared publicly

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

A tool for generating reverse shell payloads on the fly.

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

🔎 shodansploit > v1.3.0

This repo will contain some basic pentest/RT commands.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

A humble, and fast, security-oriented HTTP headers analyzer

The all-in-one Red Team extension for Web Pentester 🛠

Monitoring GitLab for sensitive data shared publicly

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

Offensive Reverse Shell (Cheat Sheet)

备考 OSCP 的各种干货资料/渗透测试干货资料

The Collective. A repo for a collection of red-team projects found mostly on Github.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Web Scan Lazy Tools - Python Package

⚡️ Docker official image for Wallarm Node. API security platform agent.

Monitoring your Slack workspaces for sensitive information

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Red Teaming Tactics and Techniques

A collection of Cobalt Strike aggressor scripts

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

个人教学 Wiki

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

JALSI - Just Another Lame Shellcode Injector

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

A C2 post-exploitation framework

It records your terminal, then lets you upload to ASHIRT

Who and what to follow in the world of cyber security

收集网络上公开的漏洞扫描器的白皮书。

一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

Different utility scripts for pentesting and hacking.

A simple tool to detect outdated shared libraries

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Some good resources for getting started with application security

Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools

Additional Resources For Securing The Stack Tutorials

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.

edge --> powerpoint --> remote-file --> shell

Provides various Windows Server Active Directory (AD) security-focused reports.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

This is the official main repository for the Assimilation project

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.

基于Threathunting-book基础上完善的狩猎视角红队handbook

Improve your code security by running different security checks/validation in a simple way.

一款适用于红蓝对抗中的仿真钓鱼系统