1565 Open source projects that are alternatives of or similar to AttackSurfaceManagement

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

List of Awesome Asset Discovery Resources

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

Gosint is a distributed asset information collection and vulnerability scanning platform

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.

Collect email addresses by crawling search engine results.

Framework для сбора данных из открытых источников. В Framework используется большое количество API, их необходимо зарегистрировать самому.​

The Offensive Manual Web Application Penetration Testing Framework.

my oscp prep collection

Hack the World using Termux

OSINT tool - gets data from services like shodan, censys etc. in one app

A tool to hunt for publicly accessible DigitalOcean Spaces

A collection of some of my scripts

An OSINT tool to gather information about the real owner of a phone number

A toolkit for Security Researchers

internet monitoring osint telegram bot for windows

Information Security Library

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

A Python-powered exploitation framework and botnet.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock

👀 Some of my favorite OSINT tools.

OSINT Framework

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Don't Just Search OSINT. Sweep It.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Authors

Yar is a tool for plunderin' organizations, users and/or repositories.

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

Awesome hacking is an awesome collection of hacking tools.

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Automatically Launch Google Hacking Queries Against A Target Domain

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Intelligence and Reconnaissance Package/Bundle installer.

Search Google and download specific file types

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Quick SQL Scanner, Dorker, Webshell injector PHP

You didn't think I'd go and leave the blue team out, right?

CyberQueens lesson materials - learning resources and exercises for aspiring reverse engineers, exploit developers, and hackers 👩‍💻👨‍💻

Know Your IP: Get location, blacklist status, shodan and censys results, and more.

I created a dll injector I am going to Open source its Code. But remember one thing that is any one can use it only for Educational purpose .I again say do not use it to damage anyone's Computer.But one thing if you are using it for some good purpose like to help someone who really need help then I permit you to use it.

Automated Google dorking with custom search engines

网络信息安全从业者面试指南

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Lo0sR is a simple python Keylogger with many functions.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Penetration Test Framwork

python script allow red teaming , hackthebox Pwners , OSCP lovers to shorten their time by these useful shells

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.