564 Open source projects that are alternatives of or similar to Web-Penetration-Testing-with-Kali-Linux-Third-Edition

Kali Live Build Scripts

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Complete Listing and Usage of Tools used for Ethical Hacking

Notes from OSCP, CTF, security adventures, etc...

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Free Security and Hacking eBooks

Burp Suite extension to passively scan for applications revealing server error messages

Burp extension to passively scan for applications revealing software version numbers

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

network reconnaissance toolkit

intercepting kali router

Collection of tips, tools and tutorials around infosec

Tool Information Gathering Write By Python.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A Docker container for remote penetration testing.

Top 100 Hacking & Security E-Books (Free Download)

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Next generation web scanner

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion

Captive wifi hotspot bypass tool for Linux

The LAZY script will make your life easier, and of course faster.

This script will you help to find the information about the website and to help in penetrating testing

Opening the door, one reverse shell at a time

🆕 The Multi-Tool Web Vulnerability Scanner.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

👨‍💻 Impress your friends by pretending to be a real hacker

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Install the tools and start Attacking , black-tool v5.0 ! ⬛

This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements.

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

NekRos is an Open-Source Ransomeware, with advanced Features, Which Looks Like Wannacry and Has C&C Server which can be Used to Retrive KEY

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Rubyfu, where Ruby goes evil!

Run interactive android exploits in linux.

Cameradar hacks its way into RTSP videosurveillance cameras

Mobile penetration testing android & iOS command cheatsheet

Bash script which installs and runs the Fluxion tool inside Termux, a wireless security auditing tool used to perform attacks such as WPA/WPA2 cracking and MITM attacks.

Work in progress...

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

Inline file transfer using in-built Windows tools (DEBUG.exe or PowerShell).

Burp extension for automated handling of CSRF tokens