3386 Open source projects that are alternatives of or similar to Arachni

Audit tool to find common vulnerabilities in PHP source code

Automated NoSQL database enumeration and web application exploitation tool.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

pentest framework

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Web application vulnerability scanner

swiss army knife for hackers

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Next generation web scanner

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Powerfull XSS Scanning and Parameter analysis tool&gem

Advanced dork Search & Mass Exploit Scanner

A fast web directory/file enumeration tool written in Rust

A list of useful payloads for Web Application Security and Pentest/CTF

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Pentest Report Generator

🆕 The Multi-Tool Web Vulnerability Scanner.

Idiomatic nmap library for go developers

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

my oscp prep collection

No description or website provided.

Source code for Hacker101.com - a free online web and mobile security class.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

massive SQL injection vulnerability scanner

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

GUI based offensive penetration testing tool (Open Source)

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Advanced vulnerability scanning with Nmap NSE

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

network reconnaissance toolkit

A list of web application security

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Hacking Toolkit

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

List of every possible vulnerabilities in computer security.

Hack the World using Termux

Remote controlled frontend framework for Phoenix.

Damn Vulnerable Web Application Docker container

(deprecated) Android application vulnerability analysis and Android pentest tool

Discover, install, and share napari plugins

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Concurrently detect the minimum Python versions needed to run code

Detect and bypass web application firewalls and protection systems

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Open Source SIEM (Security Information and Event Management system).

Pentest: Subdomains enumeration tool for penetration testers.