1574 Open source projects that are alternatives of or similar to Winpwn

👻Stowaway -- Multi-hop Proxy Tool for pentesters

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Privilege Escalation Enumeration Script for Windows

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Venom - A Multi-hop Proxy for Penetration Testers

mXtract - Memory Extractor & Analyzer

Awesome cloud enumerator

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

备考 OSCP 的各种干货资料/渗透测试干货资料

fireELF - Fileless Linux Malware Framework

👻Impost3r -- A linux password thief

Exploit Pack -The next generation exploit framework

🌒 Shell command obfuscation to avoid detection systems

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

This repository contains full code examples from the book Gray Hat C#

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Sifter aims to be a fully loaded Op Centre for Pentesters

Intelligence and Reconnaissance Package/Bundle installer.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Open source pre-operation C2 server based on python and powershell

The Collective. A repo for a collection of red-team projects found mostly on Github.

Automated Mass Exploiter

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Attack Surface Management Platform | Sn1perSecurity LLC

Notes for taking the OSCP in 2097. Read in book form on GitBook

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

E-mails, subdomains and names Harvester - OSINT

Hacking Toolkit

hydra

MSDAT: Microsoft SQL Database Attacking Tool

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

A curated list of awesome privilege escalation

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Web path scanner

Python3 script to parse txt files containing Mimikatz output

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

The Last Web Recon Tool You'll Need

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Semi-automatic OSINT framework and package manager

CVE-2016-8610 (SSL Death Alert) PoC

A set of recipes useful in pentesting and red teaming scenarios

Responsive Command and Control System

ODAT: Oracle Database Attacking Tool

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup