726 Open source projects that are alternatives of or similar to Wincmdfu

🔐 Docker Container for Penetration Testing & Security

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Hetty is an HTTP toolkit for security research.

被动式漏洞扫描系统

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Awesome cloud enumerator

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Gorsair hacks its way into remote docker containers that expose their APIs

Extract endpoints from APK files

Responsive Command and Control System

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Subdomain Takeover tool written in Go

Idiomatic nmap library for go developers

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

Port scanning and domain utility.

A tool to hunt for publicly accessible DigitalOcean Spaces

Extract subdomains from SSL certificates in HTTPS sites.

Dradis Framework: Colllaboration and reporting for IT Security teams

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Web path scanner

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

🔥 A powerful MongoDB auditing and pentesting tool 🔥

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Intelligence tool but without API key

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Fast web fuzzer written in Go

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

📡 A python program to create a fake AP and sniff data.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Cameradar hacks its way into RTSP videosurveillance cameras

Hawkeye filesystem analysis tool

Selenium powered Python script to automate searching for vulnerable web apps.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Red Teaming Tactics and Techniques

🚀 Fast Port Scanner 🚀

A simple dns resolver of dns-record and web-record log server for pentesting

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Network protocol auditing framework

A collection of useful scripts for Cobalt Strike

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Know the dangers of credential reuse attacks.

Monitoring GitLab for sensitive data shared publicly

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer