780 Open source projects that are alternatives of or similar to tools

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Security tool to quickly audit Public Box files and folders.

Work in progress...

A Docker container for remote penetration testing.

VOIP Security Audit Framework

Command line tool that allows you to explore IoT devices by using Shodan API.

Generates malicious LNK file payloads for data exfiltration

Oracle Database Penetration Testing Reference (10g/11g)

A fast web directory/file enumeration tool written in Rust

A shot-for-shot remake of the Google Login Page.

GoPhish Templates that I have retired and/or templates I've recreated.

My notes on PentesterLab's Bootcamp series 🕵️

Penetration tests guide based on OWASP including test cases, resources and examples.

link is a command and control framework written in rust

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Multi OTP Spam Amp/Paralell threads

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Offensive Reverse Shell (Cheat Sheet)

Oz is a behavioral web-ui testing framework developed to reduce test maintenance by using a predictive model rather than a scriptive model when writing tests.

Modular personalized dictionary generator.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

Automated tool for WiFi hacking.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Top 20 Kali Linux Related E-books (Free Download)

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

A Kubernetes Kustomize Manifest Validator

Kali Live Build Scripts

An advanced graphical search engine for Exploit-DB

A collection of resources I'm using while working toward the OSCP

VOIP Security Audit Framework

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

A simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login on IMAP servers.

📦 json-crate: a minimalistic promise-based json database

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Work in progress...

Python-based CLI Password Analyser (Reporting Tool)

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Argus Advanced Remote & Local Keylogger For macOS and Windows

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

An RPC attack framework for Blockchain nodes.

Docker Integration and Validation Orchestrator for Elixir with Mix

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

NetCat for Windows

Useful tools and scripts during Penetration Testing engagements

Forward shell generation framework

ab testing framework with automated code removing

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

Tool to detect regressions between services

An XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)