3386 Open source projects that are alternatives of or similar to Arachni

Rubyfu, where Ruby goes evil!

Advanced and easy to use penetration testing framework 💣🔎

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Git All the Payloads! A collection of web attack payloads.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

🌲 Aimbot powered by real-time object detection with neural networks, GPU accelerated with Nvidia. Optimized for use with CS:GO.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Cameradar hacks its way into RTSP videosurveillance cameras

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

MagJS - Modular Application Glue

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

🚂🚋 - sturdy 4kb frontend framework

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

Dark Web OSINT Tool

A web crawler (for bug hunting) that gathers more than you can imagine.

Small, fast, and modular DOM and event library for modern browsers.

Discover hidden deepweb pages

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

Pretty CSS analytics on the CLI

Chronos - A static race detector for the go language

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

A Kotlin-based testing/scraping/parsing library providing the ability to analyze and extract data from HTML (server & client-side rendered). It places particular emphasis on ease of use and a high level of readability by providing an intuitive DSL. It aims to be a testing lib, but can also be used to scrape websites in a convenient fashion.

Vulnerability Patterns Detector for C# and VB.NET

PHP Security Check List [ EN ] 🌋 ☣️

C++ simulation, reconstruction and analysis framework for particle physics experiments

用严肃的数据来回答“什么样的企业会到什么样的大学招聘”？

Parser and database to index the terpene profile of different strains of Cannabis from online databases

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

Perform advanced MiTM attacks on websites with ease 💉

Gorecon is a All in one Reconnaissance Tool , a.k.a swiss knife for Reconnaissance , A tool that every pentester/bughunter might wanna consider into their arsenal

Easy automated vulnerability scanning, reporting and analysis

A framework for secure and scalable network traffic analysis - https://netcap.io

ATT&CK实操

Hack the World using Termux

Concurrently detect the minimum Python versions needed to run code

Remote controlled frontend framework for Phoenix.

Detect and bypass web application firewalls and protection systems

Discover, install, and share napari plugins

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Some Reverse Engineering Tutorials for Beginners

Damn Vulnerable Web Application Docker container

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

KInspector is an application for analyzing health, performance and security of your Kentico solution.

Open Source SIEM (Security Information and Event Management system).

Pentest: Subdomains enumeration tool for penetration testers.

Toolset for detecting reflected xss in websites

Exporting MISP event attributes to yara rules usable with Thor apt scanner

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

In progress rough solutions to bWAPP / bee-box

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

RFMap - Radio Frequency Mapper