1565 Open source projects that are alternatives of or similar to AttackSurfaceManagement

my oscp prep collection

OSINT tool - gets data from services like shodan, censys etc. in one app

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Framework для сбора данных из открытых источников. В Framework используется большое количество API, их необходимо зарегистрировать самому.​

A tool to hunt for publicly accessible DigitalOcean Spaces

Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock

Authors

The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.

👀 Some of my favorite OSINT tools.

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Your Google Recon is Now Automated

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Urls de-duplication tool for better recon.

My personal bug bounty toolkit.

A Security Tool for Enumerating WebSockets

Captive wifi hotspot bypass tool for Linux

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Statically-linked ssh server with reverse shell functionality for CTFs and such

Intelligence and Reconnaissance Package/Bundle installer.

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

internet monitoring osint telegram bot for windows

Yar is a tool for plunderin' organizations, users and/or repositories.

Discover internet-wide misconfigurations while drinking coffee

A Github organization reconnaissance tool.

Install the tools and start Attacking , black-tool v5.0 ! ⬛

Modular personalized dictionary generator.

Gosint is a distributed asset information collection and vulnerability scanning platform

Don't Just Search OSINT. Sweep It.

Collect email addresses by crawling search engine results.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

OSINT Framework

Data leak checker & OSINT Tool

network reconnaissance toolkit

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Information Security Library

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

A Python-powered exploitation framework and botnet.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Hourly updated database of exploit and exploitation reports

Penetration tests guide based on OWASP including test cases, resources and examples.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

The fastest dork scanner written in Go.

平常看到好的渗透hacking工具和多领域效率工具的集合

A place where I can create, collect and share tooling, resources and knowledge about information security.

An OSINT tool to find contacts in order to report security vulnerabilities.

A collection of some of my scripts