571 Open source projects that are alternatives of or similar to Tuktuk

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

DNS-Discovery is a multithreaded subdomain bruteforcer.

CVE-2017-9506 - SSRF

Collection of Facebook Bug Bounty Writeups

Docker images for infosec tools

Web Application recon automation

Python library and CLI for the Bug Bounty Recon API

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Automated NoSQL database enumeration and web application exploitation tool.

DLL Password Filter Implant with Exfiltration Capabilities

Repositório com conteúdo sobre web hacking em português

Urls de-duplication tool for better recon.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

KratosKnife is a Advanced BOTNET Written in python 3 for Windows OS. Comes With Lot of Advanced Features such as Persistence & VM Detection Methods, Built-in Binder, etc

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Fast Modular Web Interfaces Bruteforcer

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

自己收集整理自用的字典

A list of payload and bypass lists for penetration testing and red team infrastructure build.

A fast, simple, recursive content discovery tool written in Rust.

Hacking tools

🎯 Server Side Template Injection Payloads

Hooks in to interesting functions and helps reverse the web app faster.

Command line tool for testing CRLF injection on a list of domains.

🔐 Docker Container for Penetration Testing & Security

Awesome Node.js Security resources

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

A Python3 based single-file subdomain enumerator

Offensive tools as Dockerfiles. Lightweight & Ready to go

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

Random Tools for Bug Bounty

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Pop shells like a master.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

nray distributed port scanner

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Script collection to bypass Network Access Control (NAC, 802.1x)

A note-taking macOS app for penetration-testers.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Burp Bounty profiles compilation, feel free to contribute!

A Colab For Bug Hunting!

C2Hack, sharing tips and tricks for pentesters

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

Subdomain Takeover tool written in Go

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

🔺 Red Team Hardware Toolkit 🔺

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest

SSRF (Server Side Request Forgery) testing resources

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...