1164 Open source projects that are alternatives of or similar to spellbook

This challenge is Inon Shkedy's 31 days API Security Tips.

Pentest: Subdomains enumeration tool for penetration testers.

Turn your VPS into an attack box

Tool for catching and logging different types of requests.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

🌸 Interactive shellcoding environment to easily craft shellcodes

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

The best tool for finding one gadget RCE in libc.so.6

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

cve-2019-0604 SharePoint RCE exploit

RFD Checker - security CLI tool to test Reflected File Download issues

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

An automated approach to performing recon for bug bounty hunting and penetration testing.

Some of my CTF solutions

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Exploiting challenges in Linux and Windows

Pentest/BugBounty progress control with scanning modules

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

pentest framework

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

kernel-pwn and writeup collection

Tool to bypass 40X response codes.

RSA primes numbers /RSA/CTFs

Argus Advanced Remote & Local Keylogger For macOS and Windows

Suggests programs to run against services found during the enumeration phase of a Pentest

RuCTFE 2019. Developed with ♥ by HackerDom team

Get GTFOBins info about a given exploit from the command line

Full Nuclei automation script with logic explanation.

XSS Payload without Anything.

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

angr tutorial for ctf

Windows MSI Installer LPE (CVE-2021-43883)

This is an open source platform for competitions of computer security.

Running nuclei Continuously

HITB SECCONF EDU CTF 2021. Developed with ❤️ by Hackerdom team and HITB.

CTF平台 动态flag docker部署管理 管理端由flask提供API VUE+element构建

GoRAT (Go Remote Access Tool) is an extremely powerful reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism.

nc 类题目的 Docker 容器资源限制、动态 flag、网页终端

一个CTF+渗透测试工具框架,集成常见加解密，密码、编码转换，端口扫描，字符处理等功能

Collection of different exploits

ImageStrike是一款用于CTF中图片隐写的综合利用工具

Unrestricted Lua Execution

Telegram Bot that keeps track and notificates subscribers about Capture The Flag competitions.

This document proposes a way of standardising the structure, language, and grammar used in security policies.

A toolkit for CTFs

Burp Commander written in Go

HTTP fuzzer engine security oriented

It's a Docker Environment for pentesting which having all the required tool for VAPT.

My personal bug bounty toolkit.

Generator of ANSI C tracers which output CTF data streams

Astra is a tool to find URLs and secrets inside a webpage/files

A simple Burp extension for scanning stuffs in CTF

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Signatures for jaeles scanner by @j3ssie

CTF windows pwntools

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'