1300 Open source projects that are alternatives of or similar to Solr Injection

Collection of quality safety articles. Awesome articles.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Git All the Payloads! A collection of web attack payloads.

Most usable tools for iOS penetration testing

汽车/安卓/固件/代码安全测试工具集

cve-2019-0604 SharePoint RCE exploit

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

The Web Application Hacker's Handbook - Extra Content

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Source code for Hacker101.com - a free online web and mobile security class.

web scanner - exploitation - information gathering

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

scan for NTLM directories

Quickly analyze and reverse engineer Android packages

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Common Web Managers Fuzz Wordlists

Automatically Launch Google Hacking Queries Against A Target Domain

A curated list of awesome privilege escalation

hacker, ready for more of our story ! 🚀

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Fast Modular Web Interfaces Bruteforcer

Pop shells like a master.

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Set of tools to audit SIP based VoIP Systems

The ultimate WinRM shell for hacking/pentesting

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Offensive tools as Dockerfiles. Lightweight & Ready to go

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Audit tool to find common vulnerabilities in PHP source code

Vagrant VirtualBox environment for conducting an internal network penetration test

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Proofs-of-concept

Burp Bounty profiles compilation, feel free to contribute!

HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Hacker101 CTF Writeup

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

漏洞研究

Kubernetes security and vulnerability tools and utilities.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Next generation web scanner

Free advanced and modern Windows botnet with a nice and secure PHP panel.

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

(deprecated) Android application vulnerability analysis and Android pentest tool

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Information about my experiences on ethical hacking 💀

Misc. Public Reports of Penetration Testing and Security Audits.