604 Open source projects that are alternatives of or similar to Wooyun

A collection of various awesome lists for hackers, pentesters and security researchers

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Web path scanner

A fuzzing library in JavaScript. ✨

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

🔪 Leak git repositories from misconfigured websites

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A collection of manifests that will create pods with elevated privileges.

A blackbox mutational fuzzer for detecting critical bugs in SMT solvers

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

VOIP Security Audit Framework

Reverse-engineering tools and exploits for Samsung's implementation of TrustZone

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

SSH man-in-the-middle tool

won't maintain

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

This repository contains the code for a fuzzing prototype for the OP-TEE system call interface using AFL.

Patches to afl to fix bugs or add enhancements

Curated list of resources on testing distributed systems

A collection of public offensive and defensive security related scripts for InfoSec students.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

🤖 Repeat tests. Repeat tests. Repeat tests.

A collection of Ansible roles for automating infosec builds.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

my oscp prep collection

The Collective. A repo for a collection of red-team projects found mostly on Github.

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Work in progress...

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Hacking tools

An advanced graphical search engine for Exploit-DB

Common password pattern generator using strings list

ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives

A fast web directory/file enumeration tool written in Rust

Detect hidden files and text in images

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.

Penetration tests guide based on OWASP including test cases, resources and examples.

A curated list of awesome directed fuzzing research papers

😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

Command line tool for testing CRLF injection on a list of domains.

A fork and successor of the Sulley Fuzzing Framework

unix SSH post-exploitation 1337 tool

Provides a Kotlin/Java library to create a random json string

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A utility to make Kotlin/Java tests random yet reproducible

DOM fuzzer

A list to discover work of red team tooling and methodology for penetration testing and security assessment

📖 Guides and tutorials on how to fuzz Rust code

GitBook: OSCP RoadMap

Bugs are inevitable. Suffering is optional.

🔄 A collection of mitmproxy inline scripts