571 Open source projects that are alternatives of or similar to Tuktuk

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

CloudFlare Checker written in Go

CVE-2016-8610 (SSL Death Alert) PoC

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Open Redirect scanner - (out of date)

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

WireBug is a toolset for Voice-over-IP penetration testing

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

Vulnerability Dashboard

Multi OTP Spam Amp/Paralell threads

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

The Swiss Army knife for automated Web Application Testing

a fast domain brute tool

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Ladon Moudle MS17010 Exploit for PowerShell

KratosKnife is a Advanced BOTNET Written in python 3 for Windows OS. Comes With Lot of Advanced Features such as Persistence & VM Detection Methods, Built-in Binder, etc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

BugBounty Tool

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

XSS in pastebin.com and reddit.com via unsanitized markdown output

Fast Modular Web Interfaces Bruteforcer

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

One-click installer for Frida and Burp certs for SSL Pinning bypass

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

An efficient multi-threaded DNS resolver validator

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

No description or website provided.

自己收集整理自用的字典

A list of resources for those interested in getting started in bug bounties

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

A list of payload and bypass lists for penetration testing and red team infrastructure build.

My notebook for OSCP Lab

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

This program focuses on automating the download, installation and compilation of pentest tools from source

A fast, simple, recursive content discovery tool written in Rust.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Cross Origin Resource Sharing MisConfiguration Scanner

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

pentest framework

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Default signature for Jaeles Scanner

Change monitoring app that checks the content of web pages in different periods.