806 Open source projects that are alternatives of or similar to Xssmap

Post-Exploitation Framework

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Python Books for Security

WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS

Small tool to package javascript into a valid image file.

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Know the dangers of credential reuse attacks.

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

BlackRAT - Java Based Remote Administrator Tool

Advanced dork Search & Mass Exploit Scanner

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Collection of quality safety articles. Awesome articles.

Open source pre-operation C2 server based on python and powershell

Browse and search through nmap's NSE scripts.

Cross-site scripting labs for web application security enthusiasts

⛔️ offsec batteries included

Fast web fuzzer written in Go

Semi-automatic OSINT framework and package manager

fireELF - Fileless Linux Malware Framework

pentest framework

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Intelligence tool but without API key

Simple Server Side Request Forgery services enumeration tool.

A framework for Backdoor development!

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Burp Suite extension to passively scan for applications revealing server error messages

A curated list of awesome privilege escalation

VOIP Security Audit Framework

An implementation of PHP's strip_tags in Typescript.

Security Tool to Look For Interesting Files in S3 Buckets

Don't let buffer overflows overflow your mind

Linux enumeration tool for pentesting and CTFs with verbosity levels

Exploit pack for pentesters and ethical hackers.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Empire HTTP(S) C2 redirector setup script

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

A portable console aimed at making pentesting with PowerShell a little easier.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

The SpecterOps project management and reporting engine

A collection of personal scripts used in hacking excercises.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Interactive Network Scanner

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

A collection of hacking / penetration testing resources to make you better!

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Directory Services Internals (DSInternals) PowerShell Module and Framework

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python