Open-source alternatives to Maskphish

The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br

Seeker is a social engineering location tool and browser geolocation capture system. It provides a framework for capturing precise GPS coordinates and device metadata by hosting deceptive webpages that prompt users for location permissions. The project includes an HTML phishing template engine for deploying custom or predefined website clones designed to trick users into granting sensitive permissions. It further utilizes a device fingerprinting tool to collect hardware specifications, operating system details, and screen resolution from visiting clients. The system incorporates network reco

Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a

Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments. The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor

guiscrcpy is a graphical user interface for the scrcpy screen mirroring protocol, serving as an Android device controller and screen mirroring tool. It allows users to view and interact with Android phones and tablets via a computer keyboard and mouse. The application provides a graphical debugging interface for managing Android devices and enables remote control and content streaming of a mobile display to a larger monitor.

Hoaxshell is a command and control system for Windows remote command execution. It provides a framework for generating and managing reverse shell payloads that utilize an HTTP beaconing protocol, where victim clients periodically poll a handler to receive and execute instructions. The project distinguishes itself through its ability to bypass PowerShell Constrained Language Mode using specialized payload generation. It supports encrypted command and control via TLS certificate injection and provides mechanisms for remote session recovery, allowing a handler to reestablish control over active

AdvPhishing is a tool for social engineering simulations and credential harvesting testing. It generates deceptive web interfaces, including cloned service provider pages and pre-made layouts that mimic payment and social media platforms, to capture user login details. The tool manages the end-to-end deployment of phishing campaigns by routing captured credentials to a specified email address via an integrated SMTP mail delivery mechanism. It includes utilities for exposing a local development server to the public internet through secure tunneling and redirects users to legitimate third-party

Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet

Ethical-Hacking-Labs is a comprehensive cybersecurity training curriculum and lab suite designed for learning penetration testing, network analysis, and offensive security techniques. It provides a structured environment for practicing the full attack lifecycle, from initial reconnaissance and scanning to exploitation and post-compromise analysis. The project provides instructional materials and guided exercises that cover specific technical domains, including open source intelligence research and network security courseware. It includes a practical workbook for identifying system vulnerabili

Th3inspector is a command-line open-source intelligence reconnaissance tool used for gathering public information on websites, phone numbers, and network records. It functions as a central interface for collecting technical metadata and performing various lookups to build profiles of target entities. The project provides specialized verification utilities for validating email addresses, phone numbers, and credit card bank identification numbers. It also includes tools for retrieving domain registration age, ownership records, and identified subdomains from global databases. Additional capabi

NETworkManager is a comprehensive suite of network administration tools designed for the deployment, monitoring, and diagnostic management of enterprise networks. It provides a centralized interface for subnet management, IP address configuration, and wireless network analysis. The project distinguishes itself by integrating a multi-protocol remote administration client that supports SSH, RDP, VNC, Telnet, and PowerShell sessions within a unified tabbed interface. It further differentiates its capabilities through hardware-level discovery using LLDP and CDP frames, alongside the ability to en

Empire is a command and control framework and post-exploitation toolkit used for network penetration testing. It serves as a centralized platform for coordinating remote agent communication and automating the delivery of security testing payloads to target systems. The project provides a suite of modules for host reconnaissance, lateral movement, and credential harvesting across corporate environments. It functions as a remote administration tool to maintain persistence and execute commands on compromised hosts. The framework incorporates capabilities for agent orchestration and the executio

Nettacker is an automated penetration testing framework designed to orchestrate reconnaissance, port scanning, and vulnerability detection. It functions as a network reconnaissance tool and vulnerability scanner that identifies open ports, fingerprints services, and checks systems against databases of known security flaws. The framework distinguishes itself by combining a web application crawler for discovering hidden paths via fuzzing with a vulnerability management system that persists scan results in a database to track historical assessments. It also includes specialized capabilities for

Tsunami Security Scanner is a network vulnerability scanner and security auditor designed to identify high-severity flaws across network assets. It functions as an asynchronous security probe engine that utilizes automated probes and specialized detection logic to find critical weaknesses and prioritize remediation efforts. The project is distinguished by a plugin-based scanning engine, which uses a modular architecture of interchangeable detection plugins to identify vulnerabilities. This extensibility allows for the development and integration of custom security plugins to expand the variet

PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks. The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context

This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris

afrog is an HTTP vulnerability scanner and web vulnerability management system that identifies security flaws and known CVEs using a YAML-based rule engine. It functions as a payload generator and scanner, comparing server responses against detection rules to find unauthorized access points. The project provides a framework for out-of-band security testing, detecting blind vulnerabilities by triggering and verifying external DNS or HTTP callbacks. Beyond web traffic, it includes a protocol fuzzer capable of executing multi-step read and write sequences over raw TCP and SSL sockets to identify

Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc

Stitch is a command and control framework and post-exploitation toolkit designed for managing multiple remote systems from a central server. It functions as a remote administration tool and payload builder, enabling the execution of commands and the deployment of agents across different operating systems. The project features a cross-platform builder for generating custom executable agents with configurable network bindings and boot behaviors. It utilizes encrypted communication channels to secure traffic between the controller and remote clients, and it supports the execution of dynamic scri

HackTools is a browser extension pentesting toolkit designed for offensive security professionals. It serves as a centralized collection of tools for generating payloads, managing penetration testing workflows, and accessing security reference materials within a web-based interface. The project provides specialized utilities for generating attack strings for XSS, SQL injection, and reverse shells to identify and exploit web vulnerabilities. It includes a data encoding and hashing utility to convert information between various formats for the purpose of bypassing security filters or verifying

PhoneSploit-Pro is an Android exploitation and remote administration toolkit. It provides a system for remotely controlling Android devices and extracting data using the Android Debug Bridge protocol. The project integrates with Metasploit to automate the creation and installation of payloads, establishing persistent command-and-control sessions. It also includes a network device scanner to identify active Android hosts on local networks by probing TCP ports. The toolkit covers a broad range of administrative and forensic capabilities, including remote shell execution, application management

BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij

This project is an Android device farm management platform and mobile device testing lab. It provides a web-based interface for remotely controlling, debugging, and managing fleets of physical Android devices. The platform enables remote hardware access through an ADB remote control system, allowing for remote shell execution, application installation via drag-and-drop, and real-time screen interaction through a browser. It includes tools for mapping remote device connections to local ports, enabling the use of integrated development environments for debugging. The system covers hardware inv

Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ

Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines. The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins. The tool covers a broad range of securit

ScanCode Toolkit is a software composition analysis tool and scanning framework designed to identify open-source licenses and copyright statements in source code and binary files. It functions as an open-source license detector, a dependency vulnerability scanner, and a generator for standardized software bills of materials in SPDX and CycloneDX formats. The project is built as a plugin-based scanning framework, allowing the integration of custom detection logic, specialized analyzers, and modified scanning behaviors at runtime. It distinguishes itself through the ability to produce formal le

Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o