825 Open source projects that are alternatives of or similar to 31 Days Of Api Security Tips

Damn Vulnerable Web Application (DVWA)

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

a recon tool that allows searching on URLs that are exposed via shortener services

My notebook for OSCP Lab

An advanced tool for email reconnaissance

Nuclei templates for K8S security scanning

This program focuses on automating the download, installation and compilation of pentest tools from source

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Burp Suite extension to passively scan for applications revealing server error messages

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

A MongoDB importer and API for Project Sonars DNS datasets

Open-source vulnerability disclosure and bug bounty program database.

🥀 Search Engine Tookit，URL采集、Favicon哈希值查找真实IP、子域名查找

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

A default credential scanner.

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

🔨 Manage your website via terminal

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A concise, directive, specific, flexible, and free incident response plan template

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Making Favicon.ico based Recon Great again !

Hacker101 CTF Writeup

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

A collection of awesome security hardening guides, tools and other resources

Git folder digger, I'm sure it's worthwhile stuff.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Threat Hunting queries for various attacks

A scanner for Moodle LMS

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

MSDAT: Microsoft SQL Database Attacking Tool

A collection of resources I'm using while working toward the OSCP

WinAppDbg Debugger

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

websocket-connection-smuggler

A tool for testing subdomain takeover possibilities at a mass scale.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

A (partial) Python rewriting of PowerSploit's PowerView

Blind WAF identification tool

Scan for and exploit Consul agents

Pentest environment deployer (kali linux + targets) using vagrant and chef.

Para pencari bug / celah kemanan bisa bergabung.

A collection of useful links for Pentesters

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Automation for javascript recon in bug bounty.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Subdomain takeover vulnerability checker

Next generation web scanner

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Fully automated offensive security framework for reconnaissance and vulnerability scanning