841 Open source projects that are alternatives of or similar to Top25 Parameter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

红队综合渗透框架

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

A REST API security testing framework.

Attack Surface Management Platform | Sn1perSecurity LLC

hydra

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

OneForAll是一款功能强大的子域收集工具

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Open Redirect scanner - (out of date)

The Last Web Recon Tool You'll Need

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

CVE-2016-8610 (SSL Death Alert) PoC

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Dump exposed HTTP .git fast

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Privilege Escalation Enumeration Script for Windows

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Do some quick reconnaissance on a domain-based web-application

A Python3 based single-file subdomain enumerator

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

SSRF (Server Side Request Forgery) testing resources

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A wrapper for Nmap to quickly run network scans

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Set of tools to audit SIP based VoIP Systems

Relational database brute force and post exploitation tool for MySQL and MSSQL

备考 OSCP 的各种干货资料/渗透测试干货资料

A high performance offensive security tool for reconnaissance and vulnerability scanning

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

The all-in-one Red Team extension for Web Pentester 🛠

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

A python tool to check subdomain takeover vulnerability

an easy pentesting tool.

The LAZY script will make your life easier, and of course faster.

Automated All-in-One OS Command Injection Exploitation Tool.

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Pentesting/Bugbounty Dockerfiles.

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Rockyou for web fuzzing

🦄🔒 Awesome list of secrets in environment variables 🖥️

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)