1446 Open source projects that are alternatives of or similar to Stuff

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

CTF竞赛权威指南

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Mikrotik RouterOS (6.x < 6.38.5) exploit kit. Reverse engineered from the "Vault 7" WikiLeaks publication.

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

Misc. Public Reports of Penetration Testing and Security Audits.

Yet Another PHP Shell - The most complete PHP reverse shell

Notes about attacking Jenkins servers

Most usable tools for iOS penetration testing

📚 VoidHack CTF write-ups

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda

200 TOOLS BY 0XID4FF0X FOR TERMUX

Public repository of static GDB and GDBServer

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

This powershell script has got to run in remote hacked windows host, even for pivoting

漏洞利用框架模块分享仓库

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Framework to test any Anti-Cheat

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

windows-kernel-exploits Windows平台提权漏洞集合

😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)

cve-2019-0604 SharePoint RCE exploit

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

linux-kernel-exploits Linux平台提权漏洞集合

😈Scripts or demo projects on iOS development or reverse engineering

Fully Featured Nintendo DS Loader for Ghidra

hack tools

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Framework for rapid development and reusable of security tools

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Ladon Moudle MS17010 Exploit for PowerShell

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Remot3d: is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

Quickly analyze and reverse engineer Android packages

Tools for handling firmwares of DJI products, with focus on quadcopters.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

pentest framework

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A collection of hacking / penetration testing resources to make you better!

Plugin repository for xbar (the BitBar reboot)

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

An unofficial, reverse-engineered Python API for tastyworks.

😎 A curated list of awesome, language-agnostic WebAssembly tools

MinIO Client is a replacement for ls, cp, mkdir, diff and rsync commands for filesystems and object storage.

SVScanner - Scanner Vulnerability And MaSsive Exploit.

A memory scanner plugin for x64dbg, inspired by Cheat Engine.

some pentest scripts & tools by [email protected]

Polar devices Python API and CLI.

A simple, easily extensible shell for navigating your kubernetes clusters

Nintendo Switch loader for Ghidra

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.

Dark theme installer for Ghidra