Cobra: Source Code Security Audit
Insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10. It analyzes source code to find vulnerabilities right in the code, and is designed to be agile and easy to integrate into your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Grinder: 🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
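Ladon: Large-scale intranet penetration scanner & Cobalt Strike. Ladon 8.9 has 120 built-in modules, covering information gathering / live host discovery / port scanning / service identification / password brute-forcing / vulnerability detection / vulnerability exploitation. Vulnerability detection includes MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute-forcing covers (Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution (smbexec/wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; PoC/Exploit; supports Cobalt Strike 3.X-4.0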
Security Scripts: A collection of security-related Python and Bash shell scripts. Analyze hosts for generic security vulnerabilities. Wrapper around popular tools like nmap (port scanner), nikto (web scanner) and testssl.sh (SSL/TLS scanner)
Awesome Shodan Queries: 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
Yawast: YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Portauthority: A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.
Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning
Vulscan: Advanced vulnerability scanning with Nmap NSE
Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Patrowlengines: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Reconnoitre: A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Wpscan V3: THIS REPOSITORY HAS BEEN MOVED TO https://github.com/wpscanteam/wpscan USE THAT!!!
Gsil: GitHub Sensitive Information Leakage (monitoring for sensitive information leaks on GitHub)
Pbscan: Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
Nosqli: NoSQL injection CLI tool, for finding vulnerable websites using MongoDB.
Security Checker: A PHP dependency vulnerabilities scanner based on the Security Advisories Database.
Minions: Distributed filesystem scanner
Vscan Go: Golang version of nmap service and application version detection (no nmap installation required)
Patrowldocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Pakala: Offensive vulnerability scanner for Ethereum, and symbolic execution tool for the Ethereum Virtual Machine
Btle Sniffer: Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them
Keynuker: 🔐💥 KeyNuker - nuke AWS keys accidentally leaked to GitHub
Pest: 🐞 Primitive Erlang Security Tool
Vuls: Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Kube Score: Kubernetes object analysis with recommendations for improved reliability and security
Hoper: Security tool to trace a URL's jumps across rel links to obtain the final URL
Pentest Chainsaw: Scrapes router passwords from http://www.routerpasswords.com, more than 300 products
Gitgot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Censys Ruby: Ruby API client for the Censys internet-wide network-scan search engine
Recon Raven: Reconnaissance tool for penetration testing & bug bounty
Xattacker: X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Sn0int: Semi-automatic OSINT framework and package manager
Ossa: Open-Source Security Architecture
Esd: Enumeration of subdomains
Rapidscan: 🆕 The Multi-Tool Web Vulnerability Scanner.
Inql: InQL - A Burp Extension for GraphQL Security Testing
Wpscan: WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Jackhammer: Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Kube Scan: kube-scan: Octarine k8s cluster risk assessment tool
Jsprime: A JavaScript static security analysis tool