604 Open source projects that are alternatives of or similar to Wooyun

A collection of Ansible roles for automating infosec builds.

Post-Exploitation Framework

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Python Books for Security

my oscp prep collection

RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.无线通信协议相关的工具集，可借助SDR硬件+相关工具对无线通信进行研究。Collect with ♥ by HackSmith

The Collective. A repo for a collection of red-team projects found mostly on Github.

Simple Karma Attack

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

Variation of american fuzzy lop for testing compilers for C-like languages, revised by Alex Groce & collaborators to fuzz tools processing source code in C-like languages

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Exercises to learn how to fuzz with American Fuzzy Lop

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Discover Your Attack Surface!

Hacking tools

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

An advanced graphical search engine for Exploit-DB

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Common password pattern generator using strings list

A bare-metal x86 instruction set fuzzer a la Sandsifter

ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

A fast web directory/file enumeration tool written in Rust

Fuzzing Parsers with Tokens

Detect hidden files and text in images

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.

Tools for Hacking

Penetration tests guide based on OWASP including test cases, resources and examples.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

A curated list of awesome directed fuzzing research papers

A default credential scanner.

😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)

A Python-powered exploitation framework and botnet.

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

A curated list of awesome OSCP resources

Command line tool for testing CRLF injection on a list of domains.

A toolset for reverse engineering and fuzzing Protobuf-based apps

A fork and successor of the Sulley Fuzzing Framework

Directory Services Internals (DSInternals) PowerShell Module and Framework

unix SSH post-exploitation 1337 tool

Recent Fuzzing Paper

Provides a Kotlin/Java library to create a random json string

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

OSS-Fuzz - continuous fuzzing for open source software.

A utility to make Kotlin/Java tests random yet reproducible

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

GitBook: OSCP RoadMap

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Automated Cyber Offense

📖 Guides and tutorials on how to fuzz Rust code

Bugs are inevitable. Suffering is optional.

🔄 A collection of mitmproxy inline scripts

Content for hackingthe.cloud