1653 Open source projects that are alternatives of or similar to Wstg

Useful tools and scripts during Penetration Testing engagements

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

hydra

Penetration Testing notes, resources and scripts

A web front-end for password cracking and analytics

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

A Python3 based single-file subdomain enumerator

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Ruby on Rails Phishing Framework

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

The Collective. A repo for a collection of red-team projects found mostly on Github.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

A curated list of awesome OSCP resources

A high performance offensive security tool for reconnaissance and vulnerability scanning

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Dump exposed HTTP .git fast

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

An easy-to-read, quick reference for JS best practices, accepted coding standards, and links around the Web

A collection of public offensive and defensive security related scripts for InfoSec students.

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

All-in-one tool for managing vulnerability reports from AppSec pipelines

A list to discover work of red team tooling and methodology for penetration testing and security assessment

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

The OWASP ZAP core project

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Hacking tools

my oscp prep collection

Penetration tests guide based on OWASP including test cases, resources and examples.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Powerful Visual Subdomain Enumeration at the Click of a Mouse

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

备考 OSCP 的各种干货资料/渗透测试干货资料

A tool to test security of json web token

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Study Notes For Web Hacking / Web安全学习笔记

Centralize Vulnerability Assessment and Management for DevSecOps Team

Automated NoSQL database enumeration and web application exploitation tool.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

A wrapper for Nmap to quickly run network scans

Awesome Vulnerable Applications

Advanced vulnerability scanning with Nmap NSE

Audit tool to find common vulnerabilities in PHP source code

Automated Security Testing For REST API's