1142 Open source projects that are alternatives of or similar to Thecollective

Utilities for MITRE™ ATT&CK

Pentest Report Generator

A curated list of awesome privilege escalation

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier"

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

Extract endpoints from APK files

Script collection to bypass Network Access Control (NAC, 802.1x)

Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

ParadoxiaRat : Native Windows Remote access Tool.

Interactive Network Scanner

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Simple Server Side Request Forgery services enumeration tool.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

Directory Services Internals (DSInternals) PowerShell Module and Framework

A curated list of amazingly awesome Cybersecurity datasets

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

A .NET Standard library for pentesting web apps against credential stuffing attacks.

Automatic SQL injection and database takeover tool

Burpsuite-Plugins-Usage

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Open-Source Ransomware As A Service for Linux, MacOS and Windows

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

Privilege Escalation Enumeration Script for Windows

🤖 The Modern Port Scanner 🤖

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

Burp Suite extension to passively scan for applications revealing server error messages

Python3 tool to perform password spraying using RDP

List of Awesome Red Teaming Resources

An analytical framework for network traffic and behavioral analytics

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Open Redirect Payloads

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Web Application Security Scanner

记录自己编写、修改的部分工具

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.

Security Tool to Look For Interesting Files in S3 Buckets

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

WebMap-Nmap Web Dashboard and Reporting

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

An Android app that lets you use your access control card cloning devices in the field.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Unified Cybersecurity Ontology

被动式漏洞扫描系统

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Exploit Pack -The next generation exploit framework