1721 Open source projects that are alternatives of or similar to Web Brutator

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Attack Surface Management Platform | Sn1perSecurity LLC

Useful tools and scripts during Penetration Testing engagements

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

The Web Application Hacker's Handbook - Extra Content

Apache Solr Injection Research

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

OSINT Tool: Generate username lists for companies on LinkedIn

cve-2019-0604 SharePoint RCE exploit

hack tools

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

🔪 Leak git repositories from misconfigured websites

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

👁 (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Automated Red Team Infrastructure deployement using Docker

Advanced Web Shell

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Powerfull XSS Scanning and Parameter analysis tool&gem

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

💣 Impulse Denial-of-service ToolKit

OWASP WEB Directory Scanner

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

hacking-tool termux-tools termux noob-friendly instagram-bot bruteforce-password-cracker wordlist-technique

Rate-limiting middleware for Koa2 ES6. Use to limit repeated requests to APIs and/or endpoints such as password reset.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Ruby on Rails Phishing Framework

macOS keychain cracking tool

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

A list of resources for those interested in getting started in bug bounties

DNS Rebinding Exploitation Framework

onex is a hacking tool installer and package manager for hackers. Onex is a library of all hacking tools for Termux and other Linux distributions. onex can install any third party tool or any hacking tool for you.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

记录自己编写、修改的部分工具

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A curated list of awesome OSCP resources

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Bruteforce database

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server

AVAX is a small, modern and fast console application for decrypting passwords with certain options.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Notes about attacking Jenkins servers

jSQL Injection is a Java application for automatic SQL database injection.

CVE-2016-8610 (SSL Death Alert) PoC