ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+1949.21%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+4579.37%)
Race The WebTests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Stars: ✭ 385 (+103.7%)
DetexploitOSS Vulnerability Scanner for Windows Platform
Stars: ✭ 146 (-22.75%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+102.12%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+501.06%)
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (+101.59%)
SojoboA binary analysis framework
Stars: ✭ 116 (-38.62%)
Myscanmyscan 被动扫描
Stars: ✭ 373 (+97.35%)
MetaforgeAn OSINT Metadata analyzing tool that filters through tags and creates reports
Stars: ✭ 63 (-66.67%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+1359.26%)
OffensivedlrToolbox containing research notes & PoC code for weaponizing .NET's DLR
Stars: ✭ 364 (+92.59%)
Android Sitemap👓 Every link ever to Android Developer site.
Stars: ✭ 61 (-67.72%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+95.77%)
Dns DiscoveryDNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-39.68%)
SpicypassA light-weight password manager with a focus on simplicity and security
Stars: ✭ 367 (+94.18%)
VulmapVulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+470.9%)
UnsignRemove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
Stars: ✭ 362 (+91.53%)
IntelowlIntel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+1018.52%)
DeltaPROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK
Stars: ✭ 55 (-70.9%)
RtaRed team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
Stars: ✭ 358 (+89.42%)
Bag Of HoldingAn application to assist in the organization and prioritization of software security activities.
Stars: ✭ 114 (-39.68%)
Linux Secureboot KitTool for complete hardening of Linux boot chain with UEFI Secure Boot
Stars: ✭ 54 (-71.43%)
NetpwnTool made to automate tasks of pentesting.
Stars: ✭ 152 (-19.58%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-32.28%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+241.27%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+79.89%)
SpellbookMicro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-71.96%)
Snopfsnopf USB password token
Stars: ✭ 113 (-40.21%)
WebpocketExploit management framework
Stars: ✭ 142 (-24.87%)
Envkey AppSecure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-56.08%)
PystatAdvanced Netstat Using Python For Windows
Stars: ✭ 44 (-76.72%)
Outisoutis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).
Stars: ✭ 111 (-41.27%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+2313.23%)
ToxicAn ncurses-based Tox client (please make pull requests on the development fork: https://github.com/toktok/toxic)
Stars: ✭ 987 (+422.22%)
Ethereum ListsA repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
Stars: ✭ 300 (+58.73%)
StegcloakHide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Stars: ✭ 2,379 (+1158.73%)
DotdotslashSearch for Directory Traversal Vulnerabilities
Stars: ✭ 297 (+57.14%)
BanditBandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+1891.01%)
Docbleach🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software
Stars: ✭ 110 (-41.8%)
RmiscoutRMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Stars: ✭ 296 (+56.61%)
Pentest ChainsawScrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product
Stars: ✭ 36 (-80.95%)
Cheatsheet GodPenetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+1762.96%)
Web MethodologyMethodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (-24.87%)
Security ListPenetrum LLC opensource security tool list.
Stars: ✭ 619 (+227.51%)
Kunpengkunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Stars: ✭ 1,242 (+557.14%)
R2fridaRadare2 and Frida better together.
Stars: ✭ 610 (+222.75%)
Embaemba - An analyzer for Linux-based firmware of embedded devices.
Stars: ✭ 607 (+221.16%)
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (+558.2%)
Articles Translator📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Stars: ✭ 606 (+220.63%)
Git HoundReconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (+218.52%)
CheckmyhttpsWe propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).
Stars: ✭ 35 (-81.48%)
Security ScriptsA collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Stars: ✭ 188 (-0.53%)