1480 Open source projects that are alternatives of or similar to Writeups

PowerShell payload generator

Multi OTP Spam Amp/Paralell threads

WebMap-Nmap Web Dashboard and Reporting

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Vulnerability Dashboard

Forward shell generation framework

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

Pentest: Subdomains enumeration tool for penetration testers.

Responsive Command and Control System

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A place where I can create, collect and share tooling, resources and knowledge about information security.

🎯 XML External Entity (XXE) Injection Payload List

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

汽车/安卓/固件/代码安全测试工具集

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.

台大 計算機安全 - Pwn 簡報、影片、作業題目與解法 - Computer Security Fall 2019 @ CSIE NTU Taiwan

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

Yet Another PHP Shell - The most complete PHP reverse shell

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

备考 OSCP 的各种干货资料/渗透测试干货资料

🐉 Export ghidra decompiled code to dwarf sections inside ELF binary

Quick SQL Scanner, Dorker, Webshell injector PHP

💀 A bash hacking and scanning framework.

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

Cheat-Sheet of tools for penetration testing

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

recon-ng modules for Censys

A Highly Accessible and Automated Virtualization Platform for Security Education

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

How to exploit a double free vulnerability in 2021. Use After Free for Dummies

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

Collection of several DDos tools.

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Exploiting challenges in Linux and Windows

Bash script for CTF automating basic enumeration

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

Suggests programs to run against services found during the enumeration phase of a Pentest

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

🌒 Shell command obfuscation to avoid detection systems

dr.rer.oec.gadget IDAPython plugin for the Interactive Disassembler <ABANDONED PROJECT>

Automated script to run all modules for a specified list of domains, netblocks or company name

A tool for generating reverse shell payloads on the fly.

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.

Get GTFOBins info about a given exploit from the command line

Linux kernel development & exploitation lab.

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Python AV Evasion Tools

This script will you help to find the information about the website and to help in penetrating testing

A collection of useful links for Pentesters

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Kali Live Build Scripts