880 Open source projects that are alternatives of or similar to Arl

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Simple shell script for automated domain recognition with some tools

Web path scanner

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

DNS-Discovery is a multithreaded subdomain bruteforcer.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Automated NoSQL database enumeration and web application exploitation tool.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Making Favicon.ico based Recon Great again !

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Intelligence and Reconnaissance Package/Bundle installer.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Credentials Checking Framework

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Exploit Pack -The next generation exploit framework

Unleash the power of cloud

Mass querying whois records

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

apkizer is a mass downloader for android applications for all available versions.

Simultaneously execute various subdomain enumeration tools and aggregate results.

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Pentesting/Bugbounty Dockerfiles.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Extract server and IP address information from Browser SSRF

Open Redirect scanner - (out of date)

Hacking Toolkit

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Yet Another PHP Shell - The most complete PHP reverse shell

An automated approach to performing recon for bug bounty hunting and penetration testing.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Find exploit tool

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

network visualization & vulnerability management/reporting

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Attack Surface Management Platform | Sn1perSecurity LLC

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

C2/post-exploitation framework

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

A collection of awesome one-liner scripts especially for bug bounty tips.

Reconness Agents Script

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

a recon tool that allows searching on URLs that are exposed via shortener services

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Kali Linux 工具合集中文说明书

The clever vulnerability dependency finder

Application and Service Fingerprinting

安全总是无处不在...

A fast web directory/file enumeration tool written in Rust

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Find exploits in local and online databases instantly