726 Open source projects that are alternatives of or similar to Wincmdfu

Red Teaming Tactics and Techniques

Elasticsearch for Offensive Security

🚀 Fast Port Scanner 🚀

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

EmbedOS - Embedded security testing virtual machine

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Network protocol auditing framework

💀 Homebrew/homebrew-livecheck (deprecated)

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Go-deliver is a payload delivery tool coded in Go.

Common password pattern generator using strings list

A wrapper for Nmap to quickly run network scans

🚀 Manage background services with macOS' launchctl daemon manager

Find the latest release version of an arbitrary project

small python3 tool to check common vulnerabilities in SMTP servers

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

Load modules and components asynchronously for angular 1.x application.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

internet monitoring osint telegram bot for windows

A collection of public offensive and defensive security related scripts for InfoSec students.

A container repository for my public web hacks!

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Exploitation Framework for Embedded Devices

Centralize Vulnerability Assessment and Management for DevSecOps Team

Webshell Manager

The project help you to quickly build layouts in terminal，cross-platform(一个跨平台的命令行ui布局工具)

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

SSRF (Server Side Request Forgery) testing resources

Fast Modular Web Interfaces Bruteforcer

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Python network worm that spreads on the local network and gives the attacker control of these machines.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Script to automate PUT HTTP method exploitation to get shell

DeepSea Phishing Gear

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Python Ransomware Tutorial - YouTube tutorial explaining code + showcasing the ransomware with victim/target roles

Secret and/ credential patterns used for gf.

Wireshark Cheat Sheet

A tool to abuse Exchange services

This repo is meant to be a list of companies that hire security people full remote.

mosquito - Automating reconnaissance and brute force attacks

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Scan for open AWS S3 buckets and dump the contents

A permutation generation tool written in golang

rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

CMD4 Plugin for Homebridge - Supports ~All Accessory Types & now all Characteristics too

Set of tools to audit SIP based VoIP Systems

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.