1622 Open source projects that are alternatives of or similar to Spoilerwall

Penetration Testing notes, resources and scripts

🔑 Hash type identifier (CLI & lib)

Centralize Vulnerability Assessment and Management for DevSecOps Team

The ultimate WinRM shell for hacking/pentesting

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Extract subdomains from SSL certificates in HTTPS sites.

Next generation web scanner

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Fast Modular Web Interfaces Bruteforcer

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A list of useful payloads for Web Application Security and Pentest/CTF

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Automatic SSRF fuzzer and exploitation tool

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Micro-framework for rapid development of reusable security tools

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

备考 OSCP 的各种干货资料/渗透测试干货资料

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

OWASP WEB Directory Scanner

DISCONTINUED: a frozen fork will exist forever at mpdehaan/vespene

Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems

Powerfull XSS Scanning and Parameter analysis tool&gem

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)

The container platform tailored for Kubernetes multi-cloud, datacenter, and edge management ⎈ 🖥 ☁️

🐳 A most popular sql audit platform for mysql

Single Packet Authorization > Port Knocking

Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

Kotlin Serverless Framework

A curated list of resources for Devops

Generate unicode evil domains for IDN Homograph Attack and detect them.

kube-scan: Octarine k8s cluster risk assessment tool

🤖 An open source chat-ops bot framework

A curated list of CTF frameworks, libraries, resources and softwares

a project aim to collect CTF web practices .

Educational, CTF-styled labs for individuals interested in Memory Forensics

Most usable tools for iOS penetration testing

API Observability. Trace API calls and Monitor API performance, health and usage statistics in Node.js Microservices.

Parse, Audit, Query, Build, and Modify Cisco IOS-style configurations. Python Infrastructure as Code (IaC) for Cisco IOS (and other vendors).

An AWS CloudFormation Stack orchestrator/manager.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Exploit Pack -The next generation exploit framework

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Git with a cup of tea, painless self-hosted git service

IPBan Monitors failed logins and bad behavior and bans ip addresses on Windows and Linux. Highly configurable, lean and powerful. Learn more at -->

Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.

Kubernetes clusters for the hobbyist.

Command Line Interface for Scaleway

Automate Pentest Tool