1614 Open source projects that are alternatives of or similar to 0xsp Mongoose

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Custom memory allocator that helps discover reads from uninitialized memory

fireELF - Fileless Linux Malware Framework

Hacking Toolkit

Patch-level verification for Bundler

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Scripts to gather system configuration information for offline/remote auditing

Secure, Unified, Powerful and Extensible Rust Android Analyzer

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Simple Golang HTTPS/TLS Examples

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

Web Scan Lazy Tools - Python Package

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

NebulousAD automated credential auditing tool.

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

👻Impost3r -- A linux password thief

network reconnaissance toolkit

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Implementation of a bulletproof node.js API 🛡️

Security advisory database for Rust crates published through crates.io

Go - CQRS / Event Sourcing made easy - Go

An open-source digital image forensic toolset

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

A social networking platform made using Node.js and MongoDB

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Docker image for a Jenkins agent which can connect to Jenkins using TCP or Websocket protocols

A Deep Learning Toolkit for DTI, Drug Property, PPI, DDI, Protein Function Prediction (Bioinformatics)

🤖 The Modern Port Scanner 🤖

The official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University

Performing security tests inside your CI

Toolbox containing research notes & PoC code for weaponizing .NET's DLR

syzkaller is an unsupervised coverage-guided kernel fuzzer

🔎 shodansploit > v1.3.0

Store data in a simple and secure way

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Probably the most opinionated framework in the world

GoRelic is deprecated in favour of https://github.com/newrelic/go-agent

Python 3.5+ DNS asynchronous brute force utility

.NET 5 / .NET Core 3.1 WebAPI + Vue 2.0 + RBAC 企业级前后端分离权限框架

Hexagon is a microservices toolkit written in Kotlin. Its purpose is to ease the building of services (Web applications, APIs or queue consumers) that run inside a cloud platform.

A collection of links related to Linux kernel security and exploitation

SSL and TLS protocol test suite and fuzzer

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

List of Awesome Red Teaming Resources

Tactics, Techniques, and Procedures

Generating UI test label automatically for iOS.

A light-weight password manager with a focus on simplicity and security

My simple Swiss Army knife for http/https troubleshooting and profiling.

Easy CRUD for GraphQL.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A boilerplate for kickstart your nodejs api project with JWT Auth and some new Techs :)

.net core fast http and websocket gateway components

Collection of PoC and offensive techniques used by the BlackArrow Red Team