544 Open source projects that are alternatives of or similar to Ttps

OSINT

fireELF - Fileless Linux Malware Framework

👻Impost3r -- A linux password thief

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

DeepSea Phishing Gear

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

This repository contains full code examples from the book Gray Hat C#

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Automation for internal Windows Penetrationtest / AD-Security

The Collective. A repo for a collection of red-team projects found mostly on Github.

Passwords Recovery Tool

Red Teaming Tactics and Techniques

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

mosquito - Automating reconnaissance and brute force attacks

mXtract - Memory Extractor & Analyzer

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Venom - A Multi-hop Proxy for Penetration Testers

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

🚀 Fast Port Scanner 🚀

A set of recipes useful in pentesting and red teaming scenarios

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Awesome cloud enumerator

Open source pre-operation C2 server based on python and powershell

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

备考 OSCP 的各种干货资料/渗透测试干货资料

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A fast DOM based XSS vulnerability scanner with simplicity.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Hetty is an HTTP toolkit for security research.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Web Pentesting Fuzz 字典,一个就够了。

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Overlord - Red Teaming Infrastructure Automation

A tool to automate penetration tests

locate and attack Lync/Skype for Business

Selenium powered Python script to automate searching for vulnerable web apps.

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

cobaltstrike ms17-010 module and some other

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Port scanning and domain utility.

Collection of pentesting scripts

Collection of PoC and offensive techniques used by the BlackArrow Red Team

Extract subdomains from SSL certificates in HTTPS sites.