1501 Open source projects that are alternatives of or similar to Sn1per

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Next generation web scanner

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Set of tools to audit SIP based VoIP Systems

A tool to automate penetration tests

Cameradar hacks its way into RTSP videosurveillance cameras

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

🔐 Docker Container for Penetration Testing & Security

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

The all-in-one Red Team extension for Web Pentester 🛠

备考 OSCP 的各种干货资料/渗透测试干货资料

Hacking Toolkit

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A tool to test security of json web token

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Web path scanner

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

无状态子域名爆破工具

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A REST API security testing framework.

Search for Directory Traversal Vulnerabilities

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A high performance offensive security tool for reconnaissance and vulnerability scanning

Extract subdomains from SSL certificates in HTTPS sites.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Automated NoSQL database enumeration and web application exploitation tool.

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

The Collective. A repo for a collection of red-team projects found mostly on Github.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

👻Impost3r -- A linux password thief

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Leaked pentesting manuals given to Conti ransomware crooks

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Argus Advanced Remote & Local Keylogger For macOS and Windows

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.