821 Open source projects that are alternatives of or similar to Xshock

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3

Advanced Web Shell

websocket-connection-smuggler

C2/post-exploitation framework

Notes about attacking Jenkins servers

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p

DNS Rebinding Exploitation Framework

Free Security and Hacking eBooks

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Mikrotik RouterOS (6.x < 6.38.5) exploit kit. Reverse engineered from the "Vault 7" WikiLeaks publication.

Web Application Security Scanner Framework

[Solo para programadores] Troyano espía | Keylogger solo para Windows, se replica en el sistema y se inicia automaticamente al iniciar sesión. | Envío de registro mediante [Base de Datos], [Gmail] o [BotTelegram].

📓 Some security related notes

ATT&CK实操

CVE-2016-8610 (SSL Death Alert) PoC

OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Quine Museum

An Python Script For Generating Payloads that Bypasses All Antivirus so far .

Mercure is a tool for security managers who want to train their colleague to phishing.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Auto Scanning to SSL Vulnerability

locate and attack Lync/Skype for Business

Browse and search through nmap's NSE scripts.

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

Reconnaissance tool of Penetration test & Bug Bounty

Quickly analyze and reverse engineer Android packages

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

📝 ⌨️ A GNU/Linux keylogger that works!

A list of resources for those interested in getting started in bug bounties

linux post-exploitation framework made by linux user

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

A curated list of awesome privilege escalation

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

The Last Web Recon Tool You'll Need

Yet Another PHP Shell - The most complete PHP reverse shell

OSINT Tool: Generate username lists for companies on LinkedIn

Core to automatize whatsapp - working 11/2018

🏴‍☠️ tools (py3 version) of Black Hat Python book 🏴‍☠️

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Multi OTP Spam Amp/Paralell threads

jSQL Injection is a Java application for automatic SQL database injection.

cms识别

C# Hacking library for making PC game trainers.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Tools, tips, tricks, and more for exploring ICS Security.

Extract endpoints from APK files

Track any ip address with IP-Tracer. IP-Tracer is developed for Linux and Termux. you can retrieve any ip address information using IP-Tracer.

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

NSA Hacking Tool Recreation UnitedRake

Papers about known hacking, security, hardware, software, computer, network and other ressources.

pentest framework

A shell script that automatically performs a series of *NIX enumeration tasks.