1323 Open source projects that are alternatives of or similar to Vulscan

PS / Bash / Python / Other scripts For FUN!

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Burp Suite extension to passively scan for applications revealing server error messages

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Don't let buffer overflows overflow your mind

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

📚 VoidHack CTF write-ups

A Python implementation that facilitates finding timeless timing attack vulnerabilities.

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Security Tool to Look For Interesting Files in S3 Buckets

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Wireshark Cheat Sheet

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

Public repository of static GDB and GDBServer

A portable console aimed at making pentesting with PowerShell a little easier.

Roblox Exploit Source Code Called IceMeme with some cmds, lua c and limited lua execution with simple ui in c#

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Common password pattern generator using strings list

CTF framework and exploit development library

Various local exploits

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Study Notes For Web Hacking / Web安全学习笔记

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

This is sample code to demonstrate how one can use SQL Injection vulnerability to download local file from server in specific condition. If you have any doubt, ping me at https://twitter.com/IndiShell1046 :)

Potentially dangerous files

Application Layer DoS attack simulator

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)

A tool for scanning registery key permissions. Find where non-admins can create symbolic links.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

A collection of public offensive and defensive security related scripts for InfoSec students.

Writeup of CVE-2020-15906

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

collection of verified Linux kernel exploits

generate and search pattern string for exploit development

SVScanner - Scanner Vulnerability And MaSsive Exploit.

A curated list of awesome Internet port and host scanners, plus related components and much more, with a focus on free and open source projects.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Remote exploitation framework written in Python

PoC materials for article https://habr.com/en/post/486856/

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

Open source all-in-one CLI tool to semi-automate pentesting.

CVE-2019-1458 Windows LPE Exploit

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

A container repository for my public web hacks!

A Machine Learning approach for classifying a file as Malicious or Legitimate

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

200 TOOLS BY 0XID4FF0X FOR TERMUX

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance

Test a host for susceptibility to CVE-2019-19781

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

A collection of Ansible roles for automating infosec builds.