This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it int
هذا المشروع عبارة عن إطار عمل للوكيل الشفاف (transparent proxy) مصمم لاعتراض وتحليل ومعالجة حركة مرور بروتوكول Secure Shell (SSH). من خلال إنهاء اتصالات العميل والخادم بشكل مستقل، يوفر المشروع رؤية كاملة للجلسات المشفرة، مما يسمح بمراقبة تدفقات المصادقة، ونقل الملفات، وتنفيذ الأوامر في الوقت الفعلي.
الميزات الرئيسية لـ ssh-mitm/ssh-mitm هي: Transparent Interception Proxies, Man-in-the-Middle Frameworks, Traffic Proxying and Interception, Proxy Security Auditors, Interception Proxies, Authentication Testing, SSH Security Tools, Tunneling and Proxying.
تشمل البدائل مفتوحة المصدر لـ ssh-mitm/ssh-mitm: voorivex/pentest-guide — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It… kgretzky/evilginx2 — Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a… andresriancho/w3af — w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities… wifiphisher/wifiphisher — Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing.… reqable/reqable-app — Reqable is a cross-platform network debugging tool that functions as an HTTP/HTTPS debugging proxy, a REST API client,… oisf/suricata — Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in…