1082 Open source projects that are alternatives of or similar to Shodan Dorks

Fast Modular Web Interfaces Bruteforcer

A list of resources for those interested in getting started in bug bounties

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Notes about attacking Jenkins servers

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Data leak checker & OSINT Tool

The ultimate WinRM shell for hacking/pentesting

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Offensive tools as Dockerfiles. Lightweight & Ready to go

Python library and CLI for the Bug Bounty Recon API

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.

Automated Adversary Emulation Platform

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Argus Advanced Remote & Local Keylogger For macOS and Windows

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

🔑 Hash type identifier (CLI & lib)

Pop shells like a master.

Free advanced and modern Windows botnet with a nice and secure PHP panel.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

Information Gathering tool for a Website or IP address

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

OSINT Swiss Army Knife

Quickly analyze and reverse engineer Android packages

🎯 XML External Entity (XXE) Injection Payload List

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

Apache Solr Injection Research

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Penetration Testing notes, resources and scripts

Burp Bounty profiles compilation, feel free to contribute!

Hacker101 CTF Writeup

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

pentest framework

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Set of tools to audit SIP based VoIP Systems

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

自己收集整理自用的字典

Bruteforce HTTP Authentication

Python Ransomware Tutorial - YouTube tutorial explaining code + showcasing the ransomware with victim/target roles

Find leaked secrets via github search

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Multi-thread Twitter BruteForcer in Shell Script

DLL Password Filter Implant with Exfiltration Capabilities

A fast, simple, recursive content discovery tool written in Rust.

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

Pwning the Nuro issued Huawei HG8045Q