1114 Open source projects that are alternatives of or similar to web-fuzz-wordlists

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Penetration tests guide based on OWASP including test cases, resources and examples.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Hacking Toolkit

Burp Suite extension to passively scan for applications revealing server error messages

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A tool to test security of json web token

Audit tool to find common vulnerabilities in PHP source code

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

hydra

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

A curated list of awesome OSCP resources

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Simple Karma Attack

Hack the World using Termux

Web Application Security Scanner Framework

A fast web directory/file enumeration tool written in Rust

Pentest: Subdomains enumeration tool for penetration testers.

A list of useful payloads for Web Application Security and Pentest/CTF

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Multi source CVE/exploit parser.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Penetration Testing notes, resources and scripts

Kali Live Build Scripts

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Burp extension to passively scan for applications revealing software version numbers

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Penetration Testing Platform

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

A wrapper for Nmap to quickly run network scans

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Pentest Report Generator

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Vagrant VirtualBox environment for conducting an internal network penetration test

Collection of the cheat sheets useful for pentesting

Quick SQL Scanner, Dorker, Webshell injector PHP

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

汽车/安卓/固件/代码安全测试工具集

🔐 Docker Container for Penetration Testing & Security

A bunch of examples of how to deploy things on kubernetes

Cheat-Sheet of tools for penetration testing

JSON RSA to HMAC and None Algorithm Vulnerability POC

Adminer database management tool for your Laravel application.

A Golang implant that uses Slack as a command and control server

Sifter aims to be a fully loaded Op Centre for Pentesters

Advanced vulnerability scanning with Nmap NSE

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

Argus Advanced Remote & Local Keylogger For macOS and Windows

Vulnerability assessment and penetration testing automation and reporting platform for teams.