398 Open source projects that are alternatives of or similar to Xorpass

The Shadow Attack Framework

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Linux enumeration tool for pentesting and CTFs with verbosity levels

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Gorsair hacks its way into remote docker containers that expose their APIs

an easy pentesting tool.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

PHP function tracker

Know the dangers of credential reuse attacks.

Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

The Leading Security Assessment Framework for Android.

Responsive Command and Control System

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Hacking Toolkit

AWS Identity and Access Management Visualizer and Anomaly Finder

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Vagrant VirtualBox environment for conducting an internal network penetration test

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

A simple wrapper for C# tools

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Enumerate and decrypt TeamViewer credentials from Windows registry

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Advanced Web Shell

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Hawkeye filesystem analysis tool

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A backdoor with a multitude of features.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

hydra

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

A tool to fastly get all javascript sources/files

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Study Notes For Web Hacking / Web安全学习笔记

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🔥 A powerful MongoDB auditing and pentesting tool 🔥

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

A swiss army knife for pentesting networks

Intelligence and Reconnaissance Package/Bundle installer.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

mXtract - Memory Extractor & Analyzer

🚀 Fast Port Scanner 🚀

Network protocol auditing framework

Centralize Vulnerability Assessment and Management for DevSecOps Team

Red Teaming Tactics and Techniques

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).