738 Open source projects that are alternatives of or similar to Ssrf Testing

Dump exposed HTTP .git fast

🤖 The Modern Port Scanner 🤖

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

Gorsair hacks its way into remote docker containers that expose their APIs

Wiegand data logger, replay device and micro door-controller

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

DeepSea Phishing Gear

Find exploits in local and online databases instantly

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.

Browser's XSS Filter Bypass Cheat Sheet

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

online port scan scraper

network reconnaissance toolkit

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

swiss army knife for hackers

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

🔪 Leak git repositories from misconfigured websites

Notes about attacking Jenkins servers

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Generate unicode evil domains for IDN Homograph Attack and detect them.

🔄 A collection of mitmproxy inline scripts

Simple multi threaded tool to extract domain related data from commoncrawl.org

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

自己收集整理自用的字典

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Ruby on Rails Phishing Framework

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Wordpress Attack Suite

jSQL Injection is a Java application for automatic SQL database injection.

Responsive Command and Control System

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

A fast, simple, recursive content discovery tool written in Rust.

XSHOCK Shellshock Exploit

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

Tool Information Gathering Write By Python.

Semi-automatic OSINT framework and package manager

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Abusing Impersonation Privileges on Windows 10 and Server 2019

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Pentest environment deployer (kali linux + targets) using vagrant and chef.

A Powerful Subdomain Takeover Tool

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Generate Gmail Emailing Keyloggers to Windows.