1008 Open source projects that are alternatives of or similar to Xssor2

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Recursive Length Prefix Encoding in JavaScript

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

Additional android app for SpaceHunn's ESP8266 DeAuther.

scan for NTLM directories

Automation for internal Windows Penetrationtest / AD-Security

Useful helpers for working with Codable types in Swift

Most advanced XSS scanner.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

Penetration test Achieve Knowledge Unite Rapid Interface

Collection of Go wrappers for Video encoding cloud providers (moved to @video-dev)

Inspect JavaScript object methods and properties in the console.

Awesome Node.js Security resources

Pentesting suite for Maltego based on data in a Metasploit database

iOS/macOS/Linux Remote Administration Tool

C2Hack, sharing tips and tricks for pentesters

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Pop shells like a master.

An active monitoring software to detect failures before your customers do.

GUI for AV1 (aomenc, rav1e & svt-av1)

An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.

Generic and fast binary serializer for Go

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Lets you connect strangers to each other, and intercept messages AKA Man in the Middle Attack

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

a tool to determine the crypto/encoding algorithm used according to traces from its representation

bug bounty hunters starter notes

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Universal IR Remote Control Solution

A PHP library to encode and decode arbitrary ASN.1 structures using ITU-T X.690 encoding rules.

Cross-site scripting labs for web application security enthusiasts

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

A Rust crate that allows you to match, bind, and pack the individual bits of integers.

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Venom - A Multi-hop Proxy for Penetration Testers

Deep Texture Encoding Network

web scanner - exploitation - information gathering

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

some pentest scripts & tools by [email protected]

💱 Codepages for JS

The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.

Script collection to bypass Network Access Control (NAC, 802.1x)

Market leading Android SDK with encoding, streaming & playback functionality

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Go implementation of EDN (Extensible Data Notation)

SMB Relay Attack Script

Android app for collecting OpenStreetCam imagery

C and MATLAB implementation for LDPC encoding and decoding

Burp Bounty profiles compilation, feel free to contribute!

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

MLBox is a powerful Automated Machine Learning python library.

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Another monitoring application, intentend to be simple to use and extensible.