398 Open source projects that are alternatives of or similar to Xorpass

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

A collection of public offensive and defensive security related scripts for InfoSec students.

A collection of useful scripts for Cobalt Strike

EmbedOS - Embedded security testing virtual machine

The ultimate WinRM shell for hacking/pentesting

Go-deliver is a payload delivery tool coded in Go.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

📡 A python program to create a fake AP and sniff data.

Script to automate PUT HTTP method exploitation to get shell

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Elasticsearch for Offensive Security

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

A wrapper for Nmap to quickly run network scans

Ransom0 is a open source ransomware made with Python, designed to find and encrypt user data.

SSRF (Server Side Request Forgery) testing resources

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A Cloudflare resolver that works

Fast Modular Web Interfaces Bruteforcer

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

DeepSea Phishing Gear

A simple dns resolver of dns-record and web-record log server for pentesting

Human and machine readable web vulnerability testing format

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Adds a customizable "Send to..."-context-menu to your BurpSuite.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Linux enumeration tool for pentesting and CTFs with verbosity levels

Know the dangers of credential reuse attacks.

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Study Notes For Web Hacking / Web安全学习笔记

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

my oscp prep collection

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

A tool to hunt for publicly accessible DigitalOcean Spaces

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A tool to test security of json web token

small python3 tool to check common vulnerabilities in SMTP servers

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

A container repository for my public web hacks!

A tool to abuse Exchange services

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Set of tools to audit SIP based VoIP Systems

🚀 Fast Port Scanner 🚀

Network protocol auditing framework

Centralize Vulnerability Assessment and Management for DevSecOps Team

Red Teaming Tactics and Techniques

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing