490 Open source projects that are alternatives of or similar to Webanalyze

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Privilege Escalation Enumeration Script for Windows

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Cameradar hacks its way into RTSP videosurveillance cameras

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

DNS Sub-domain brute forcer, in Python + gevent

C++14 library to enhance enumerator capabilities, including arbitrary length, statically allocated, strongly typed masks.

Find web directories without bruteforce

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

Web Pentesting Fuzz 字典,一个就够了。

A repo with information about security of Ethereum Smart Contracts

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Get GTFOBins info about a given exploit from the command line

[POC] Asynchronous reverse shell using the HTTP protocol.

The Leading Security Assessment Framework for Android.

Ransom0 is a open source ransomware made with Python, designed to find and encrypt user data.

Linux Rootkits (4.x Kernel)

CVE-2016-8610 (SSL Death Alert) PoC

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Enumerated Types for Lua

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Semi-automatic OSINT framework and package manager

A curated list of awesome OSCP resources

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

RubberDucky like payloads for DigiSpark Attiny85

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

PowerShell SOCKS proxy with reverse proxy capabilities

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Go-deliver is a payload delivery tool coded in Go.

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

备考 OSCP 的各种干货资料/渗透测试干货资料

A MongoDB importer and API for Project Sonars DNS datasets

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Penetration testing and auditing toolkit for Android apps.

small python3 tool to check common vulnerabilities in SMTP servers

Reverse proxies cheatsheet

Passwords Recovery Tool

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Python network tool, similar to Netcat with custom features.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A pentesting tool inspired by mr robot and derived by zphisher

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

A collection of public offensive and defensive security related scripts for InfoSec students.

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

A fast DOM based XSS vulnerability scanner with simplicity.

Hetty is an HTTP toolkit for security research.

This repository contains full code examples from the book Gray Hat C#