1082 Open source projects that are alternatives of or similar to Shodan Dorks

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Git All the Payloads! A collection of web attack payloads.

Automated Red Team Infrastructure deployement using Docker

A list of resources for those interested in getting started in bug bounties

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Automatically Launch Google Hacking Queries Against A Target Domain

📝 ⌨️ A GNU/Linux keylogger that works!

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Burp Bounty profiles compilation, feel free to contribute!

An ongoing list of virtual cybersecurity conferences.

Quickly analyze and reverse engineer Android packages

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Penetration Testing notes, resources and scripts

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Powerfull XSS Scanning and Parameter analysis tool&gem

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

Framework для сбора данных из открытых источников. В Framework используется большое количество API, их необходимо зарегистрировать самому.​

cve-2019-0604 SharePoint RCE exploit

Get All Registered Wifi Passwords from Target Computer.

A curated list of awesome privilege escalation

OSINT Swiss Army Knife

The Web Application Hacker's Handbook - Extra Content

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

Apache Solr Injection Research

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hack Cameras CCTV FREE

Hacking Toolkit

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Collection of quality safety articles. Awesome articles.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Notes about attacking Jenkins servers

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

jSQL Injection is a Java application for automatic SQL database injection.

Asynchronous Python implementation of SlowLoris DoS attack

pentest framework

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Vulnerability Dashboard

Awesome Node.js Security resources

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Pop shells like a master.

A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

network reconnaissance toolkit

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Automating Jenkins Hacking using Shodan API

Fast Modular Web Interfaces Bruteforcer