576 Open source projects that are alternatives of or similar to Vulrec

Penetration tests guide based on OWASP including test cases, resources and examples.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Common Web Managers Fuzz Wordlists

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Misc. Public Reports of Penetration Testing and Security Audits.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Automatic SSRF fuzzer and exploitation tool

汽车/安卓/固件/代码安全测试工具集

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Vulnerability Dashboard

Apache Solr Injection Research

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

PoC exploit for CVE-2016-4622

burpsuite extension for check unauthorized vulnerability

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Pop shells like a master.

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

A bootrom exploit for MediaTek devices

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

Go utilities for Debian APT repositories

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

A web crawler (for bug hunting) that gathers more than you can imagine.

Potentially dangerous files

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Offline APT Package Manager

Reverse Shell as a Service

Fast Modular Web Interfaces Bruteforcer

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Bruteforce HTTP Authentication

MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.

自己收集整理自用的字典

APT || Execution || Launch || APTs || ( Authors harr0ey, bohops )

Collection of quality safety articles. Awesome articles.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

A fast, simple, recursive content discovery tool written in Rust.

Script collection to bypass Network Access Control (NAC, 802.1x)

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Burp Bounty profiles compilation, feel free to contribute!

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Securify v2.0

Infection vector that bypasses AV, IDS, and IPS. (For now...)

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

DLL Password Filter Implant with Exfiltration Capabilities

Webshell Manager

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

A curated list of awesome baseband research resources

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Find exploits in local and online databases instantly