1936 Open source projects that are alternatives of or similar to Thc Archive

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

cve-2019-0604 SharePoint RCE exploit

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Micro-framework for rapid development of reusable security tools

Asynchronous Python implementation of SlowLoris DoS attack

Awesome cloud enumerator

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Automatically Launch Google Hacking Queries Against A Target Domain

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

Study Notes For Web Hacking / Web安全学习笔记

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Hacker101 CTF Writeup

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

🔪 Leak git repositories from misconfigured websites

Know the dangers of credential reuse attacks.

Botnet targeting Windows machines written entirely in Python & open source security project.

A collection of android Exploits and Hacks

The ultimate WinRM shell for hacking/pentesting

A collection of hacking / penetration testing resources to make you better!

Automated NoSQL database enumeration and web application exploitation tool.

Idiomatic nmap library for go developers

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

RubberDucky like payloads for DigiSpark Attiny85

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

The all-in-one Red Team extension for Web Pentester 🛠

Tool Information Gathering Write By Python.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

200 TOOLS BY 0XID4FF0X FOR TERMUX

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Extract subdomains from SSL certificates in HTTPS sites.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Quickly analyze and reverse engineer Android packages

Multi source CVE/exploit parser.

Quick SQL Scanner, Dorker, Webshell injector PHP

swiss army knife for hackers

network reconnaissance toolkit

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

This powershell script has got to run in remote hacked windows host, even for pivoting

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

Simple and fast discord token cracker

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.