1008 Open source projects that are alternatives of or similar to Xssor2

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

pentest framework

Fast Modular Web Interfaces Bruteforcer

Java web and command line applications demonstrating various security topics

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Git All the Payloads! A collection of web attack payloads.

A list of useful payloads for Web Application Security and Pentest/CTF

SSRF (Server Side Request Forgery) testing resources

Search Exploitable Software on Linux

In progress rough solutions to bWAPP / bee-box

Multi source CVE/exploit parser.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

🌒 Shell command obfuscation to avoid detection systems

🚀 Takes minutes to explore the topology of all routable /24 prefixes in IPv4 address space. Now supports IPv6 scan!

A Deliberately Insecure Web Application

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

XSHOCK Shellshock Exploit

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

🔑 Hash type identifier (CLI & lib)

Ladon Moudle MS17010 Exploit for PowerShell

It's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)

Yet Another PHP Shell - The most complete PHP reverse shell

This powershell script has got to run in remote hacked windows host, even for pivoting

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

A list of resources for those interested in getting started in bug bounties

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

A tool to automate penetration tests

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Extract subdomains from SSL certificates in HTTPS sites.

Attack Surface Management Platform | Sn1perSecurity LLC

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

hydra

A fast DOM based XSS vulnerability scanner with simplicity.

Hacking Toolkit

MSDAT: Microsoft SQL Database Attacking Tool

Web path scanner

Powerfull XSS Scanning and Parameter analysis tool&gem

Fully automated offensive security framework for reconnaissance and vulnerability scanning

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Hacking tools

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

scan for NTLM directories

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Useful helpers for working with Codable types in Swift

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Message Queue & Broker Injection tool

nray distributed port scanner

Penetration test Achieve Knowledge Unite Rapid Interface

Inspect JavaScript object methods and properties in the console.

一个用于识别目标网站是否采用Struts2框架开发的工具demo

Pentesting suite for Maltego based on data in a Metasploit database

Best Tool For instagram bruteforce hacking Tool By EvilDevil

Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter