1965 Open source projects that are alternatives of or similar to Vhostscan

This script will you help to find the information about the website and to help in penetrating testing

Security tool to quickly audit Public Box files and folders.

记录自己编写、修改的部分工具

Pentest Report Generator

Awesome cloud enumerator

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

PHP Security Check List [ EN ] 🌋 ☣️

ATT&CK实操

Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.

An open source batch script based WiFi Passview for Windows!

This is an advanced script for Instagram bruteforce attacks. WARNING THIS IS A REAL TOOL!

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Top 100 Hacking & Security E-Books (Free Download)

Automated Red Team Infrastructure deployement using Docker

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Repositório com conteúdo sobre web hacking em português

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

This repository created for personal use and added tools from my latest blog post.

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Free Security and Hacking eBooks

A curated list of awesome privilege escalation

Tool to generate smart and powerful wordlists

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Ruby on Rails Phishing Framework

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

A tool to fastly get all javascript sources/files

Complete Listing and Usage of Tools used for Ethical Hacking

Exploits and Security Tools Framework 2.0.1

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Sifter aims to be a fully loaded Op Centre for Pentesters

(deprecated) Android application vulnerability analysis and Android pentest tool

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A static analysis security vulnerability scanner for Ruby on Rails applications

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

New Interface And Loading Screen For Termux Users

CTF Cheatsheet

Attack surface mapping

Vagrant VirtualBox environment for conducting an internal network penetration test

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

C2/post-exploitation framework

Rubyfu, where Ruby goes evil!

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Web Scan Lazy Tools - Python Package

Hacker101 CTF Writeup

Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!

💣 Impulse Denial-of-service ToolKit

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

ParadoxiaRat : Native Windows Remote access Tool.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

🙃 Reverse Shell Cheat Sheet 🙃

A MongoDB importer and API for Project Sonars DNS datasets

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Steganography brute-force utility to uncover hidden data inside files