1008 Open source projects that are alternatives of or similar to Xssor2

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Web Recon & Exploitation Tool.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Set of tools to audit SIP based VoIP Systems

Source code for Hacker101.com - a free online web and mobile security class.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

C2/post-exploitation framework

Web path scanner

Open Redirect Payloads

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Fast directory scanning and scraping tool

Top disclosed reports from HackerOne

Docker images for infosec tools

Wordpress Attack Suite

Automate Pentest Tool

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

ODAT: Oracle Database Attacking Tool

nodejs + express security and performance boilerplate.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A wrapper for Nmap to quickly run network scans

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

A tool to automate penetration tests

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Extract subdomains from SSL certificates in HTTPS sites.

Attack Surface Management Platform | Sn1perSecurity LLC

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

hydra

A fast DOM based XSS vulnerability scanner with simplicity.

Hacking Toolkit

MSDAT: Microsoft SQL Database Attacking Tool

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Powerfull XSS Scanning and Parameter analysis tool&gem

A list of resources for those interested in getting started in bug bounties

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Browser's XSS Filter Bypass Cheat Sheet

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

CVE-2016-8610 (SSL Death Alert) PoC

pentest framework

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Fast Modular Web Interfaces Bruteforcer

Hacking tools

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

A tool to test security of json web token

Collection of quality safety articles. Awesome articles.

Hooks in to interesting functions and helps reverse the web app faster.

[ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻

Fully automated offensive security framework for reconnaissance and vulnerability scanning

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

XSHOCK Shellshock Exploit