738 Open source projects that are alternatives of or similar to Astra

Automated Penetration Testing Framework

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

secureCodeBox (SCB) - continuous secure delivery out of the box

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Code from Blackhat Python book

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog

Next generation web scanner

A collection of hacking / penetration testing resources to make you better!

Tools for Hacking

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A repository of tools for pentesting of restricted and isolated environments.

PENIOT: Penetration Testing Tool for IoT

Audit tool to find common vulnerabilities in PHP source code

A simple tool for interacting with OWASP ZAP from the commandline.

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Penetration Testing notes, resources and scripts

Application Security Automation

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

🆕 The Multi-Tool Web Vulnerability Scanner.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

This is the official main repository for the Assimilation project

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Infection Monkey - An automated pentest tool

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Tools used for Penetration testing / Red Teaming

Hack the World using Termux

Learning Penetration Testing of Android Applications

A collection of Ansible roles for automating infosec builds.

A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

Don't let buffer overflows overflow your mind

A tool to build deb or rpm package of required Nginx version from the source code, with the ability to connect third-party modules. Nginx parameters are set in the yaml configuration file.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

wcm.io Jenkins Pipeline Library for CI/CD

Wireshark Cheat Sheet

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, hobbyists, and Information Security professionals with conducting firmware security assessments.

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

A collection of personal scripts used in hacking excercises.

🎬 MovieApp is a Flutter application built to demonstrate the use of modern development tools with best practices implementation like Modularization, BLoC, Dependency Injection, Dynamic Theme, Cache, Shimmer, Testing, Flavor, CI/CD, etc.

Tensor - Comprehensive web-based automation framework and Centralized infrastructure management platform

A place where I can create, collect and share tooling, resources and knowledge about information security.

Study Notes For Web Hacking / Web安全学习笔记

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

The Kubernetes Continuous Integration & Delivery Platform (CI/CD) 🔄

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Awesome hacking is an awesome collection of hacking tools.

In-depth Attack Surface Mapping and Asset Discovery