The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 offensive-security Open-Source Projects
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
-
OSCP-Exam-Report-Template-Markdown
:orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
-
Awesome-Cybersecurity-Handbooks
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
-
Keylogger
Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail. (by aydinnyunus)
-
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
-
Chimera
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
-
OSCP-Exam-Report-Template
Modified template for the OSCP Exam and Labs. Used during my passing attempt
-
Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
-
GTFONow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
-
oscp-pre-preparation-plan-and-notes
My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21st March 2022]
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Exam Complete -- Got enough points but am worried about the report. | /r/oscp | 2023-07-05Thank you! Yes, I used https://github.com/noraj/OSCP-Exam-Report-Template-Markdown and included vulnerability details, as well as how to fix the vulnerability and it got lengthy which I think was unnecessary, but I tried to make it nice and be thorough. I probably should've put more time in trying to fix the other issues I had but oh well.
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
I learned about chisel in PEN-200 / preparing for the OSCP.
Then I learned about, Ligolo-ng [1] which is a game-changer. I highly recommend checking it out. It is most applicable to a penetration test. It uses TLS so I'm not sure it could be used to address the issue mentioned in the article.
[1] https://github.com/nicocha30/ligolo-ng
Link: https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks
If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide
I had never done any formal pentesting reports like this one, so I kind of learned it on the fly. The whoisflynn template came in clutch for me, since I just had to follow the instructions laid out and copy paste whatever I needed to. Don’t underestimate this part of the exam, and do some planning beforehand to make sure you’re comfortable and have enough time. There isn’t an upper limit to detail in the report, and I was sure I was very detailed in my writeups.
Project mention: PsMapExec - Active Directory and Windows Lateral Movement | /r/Infosec | 2023-10-21
Project mention: Chimera: Automated DLL Sideloading Tool With EDR Evasion Capabilities | /r/purpleteamsec | 2023-05-17
offensive-security related posts
- Haven't been using kali in a long time and wanted to know why Ngrok is not working on Blackeye? blackeye itself doesn't exist anymore lol
- Cloudflare for Speed and Security
- Show HN: I'm writing a book – Cloudflare for Speed and Security
- Exam Complete -- Got enough points but am worried about the report.
- Passing the OSCP in 8 hours(as a high school student)
- Passed OSCP about two weeks ago
- Black Hat Rust
-
A note from our sponsor - WorkOS
workos.com | 23 Apr 2024
Index
What are some of the best open-source offensive-security projects? This list will help you:
Project | Stars | |
---|---|---|
1 | DefaultCreds-cheat-sheet | 5,269 |
2 | RedTeaming-Tactics-and-Techniques | 3,816 |
3 | Villain | 3,561 |
4 | OSCP-Exam-Report-Template-Markdown | 3,289 |
5 | black-hat-rust | 3,044 |
6 | Raccoon | 2,993 |
7 | awesome-oscp | 2,389 |
8 | ligolo-ng | 2,112 |
9 | Reconnoitre | 2,065 |
10 | Awesome-Cybersecurity-Handbooks | 2,058 |
11 | Keylogger | 1,923 |
12 | rapidscan | 1,649 |
13 | pentest | 1,442 |
14 | Digital-Forensics-Guide | 1,335 |
15 | Chimera | 1,260 |
16 | 007-TheBond | 1,030 |
17 | BlackMamba | 990 |
18 | OSCP-Exam-Report-Template | 913 |
19 | Open-Source-Security-Guide | 846 |
20 | PsMapExec | 651 |
21 | GTFONow | 489 |
22 | oscp-pre-preparation-plan-and-notes | 463 |
23 | Chimera | 422 |
Sponsored