836 Open source projects that are alternatives of or similar to sqlscan

Multi OTP Spam Amp/Paralell threads

🔐 Docker Container for Penetration Testing & Security

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Multi source CVE/exploit parser.

A wrapper for Nmap to quickly run network scans

A tool to test security of json web token

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

hydra

Hacking Toolkit

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Subdomain enumeration through various techniques

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Yet Another PHP Shell - The most complete PHP reverse shell

A tool to automate penetration tests

Penetration Testing notes, resources and scripts

Sifter aims to be a fully loaded Op Centre for Pentesters

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A curated list of awesome OSCP resources

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Burp Suite extension to passively scan for applications revealing server error messages

Penetration Testing Platform

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

A fast web directory/file enumeration tool written in Rust

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Penetration tests guide based on OWASP including test cases, resources and examples.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Pentest Report Generator

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Web path scanner

A Golang implant that uses Slack as a command and control server

Pentesting suite for Maltego based on data in a Metasploit database

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Burp extension to passively scan for applications revealing software version numbers

Simple Karma Attack

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Penetration test Achieve Knowledge Unite Rapid Interface

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

GUI based offensive penetration testing tool (Open Source)

🔄 A collection of mitmproxy inline scripts

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

unix SSH post-exploitation 1337 tool

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Domain name permutation engine written in Go

Automated NoSQL database enumeration and web application exploitation tool.

Audit tool to find common vulnerabilities in PHP source code

备考 OSCP 的各种干货资料/渗透测试干货资料

Collection of the cheat sheets useful for pentesting

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Vagrant VirtualBox environment for conducting an internal network penetration test

generates weak passwords based on current date

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。