738 Open source projects that are alternatives of or similar to Ssrf Testing

A unified console to perform the "kill chain" stages of attacks.

Relational database brute force and post exploitation tool for MySQL and MSSQL

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

The all-in-one Red Team extension for Web Pentester 🛠

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

备考 OSCP 的各种干货资料/渗透测试干货资料

Quick SQL Scanner, Dorker, Webshell injector PHP

generates weak passwords based on current date

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

The LAZY script will make your life easier, and of course faster.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🔑 Hash type identifier (CLI & lib)

Bifrost C2. Open-source post-exploitation using Discord API

Passwords Recovery Tool

This powershell script has got to run in remote hacked windows host, even for pivoting

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

Web path scanner

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Subdomain enumeration through various techniques

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

A REST API security testing framework.

Python3 tool to perform password spraying using RDP

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Exploit Pack -The next generation exploit framework

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Next generation web scanner

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Fast Modular Web Interfaces Bruteforcer

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Quickly analyze and reverse engineer Android packages

Sifter aims to be a fully loaded Op Centre for Pentesters

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

The Last Web Recon Tool You'll Need

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Automate Pentest Tool

👻Stowaway -- Multi-hop Proxy Tool for pentesters

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

ODAT: Oracle Database Attacking Tool

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A curated list of awesome OSCP resources

A list of resources for those interested in getting started in bug bounties

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Privilege Escalation Enumeration Script for Windows

Browse and search through nmap's NSE scripts.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Automation for internal Windows Penetrationtest / AD-Security

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC