800 Open source projects that are alternatives of or similar to awesome-api-security

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

OSINT Swiss Army Knife

Extract subdomains from SSL certificates in HTTPS sites.

A support library for Ronin. Like activesupport, but for hacking!

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🖖 Fast, modern, easy-to-use network scanner

A list of useful payloads for Web Application Security and Pentest/CTF

渗透测试☞经验/思路/总结/想法/笔记

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Webshell Manager

RFD Checker - security CLI tool to test Reflected File Download issues

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

🔐 Docker Container for Penetration Testing & Security

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🌒 Shell command obfuscation to avoid detection systems

Selenium powered Python script to automate searching for vulnerable web apps.

Multi source CVE/exploit parser.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Awesome Node.js Security resources

This challenge is Inon Shkedy's 31 days API Security Tips.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Infosec Wordlists

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Web path scanner

Most usable tools for iOS penetration testing

Hershell is a simple TCP reverse shell written in Go.

Vulnerability Dashboard

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

WinAppDbg Debugger

Pentest: Subdomains enumeration tool for penetration testers.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

🔑 Hash type identifier (CLI & lib)

Turn your VPS into an attack box

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Related subdomains finder

A Tool for Domain Flyovers

Misc. Public Reports of Penetration Testing and Security Audits.

A curated list of awesome infosec courses and training resources.

A collection of various GitHub gists for hackers, pentesters and security researchers

Pentest Report Generator

Offensive tools as Dockerfiles. Lightweight & Ready to go

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

coverage guided fuzz testing for python

CLI to integrate continuous fuzzing with Fuzzit

A high performance offensive security tool for reconnaissance and vulnerability scanning

Seeding fuzzers with symbolic execution

Structure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.

UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities

Domain-Specific Fuzzing with Waypoints

An open source fuzzing framework for fun.

Constraint solver based on coverage-guided fuzzing

Fuzzinator Random Testing Framework

ANTLR v4 grammar-based test generator

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.

Rapid is a Go library for property-based testing that supports state machine ("stateful" or "model-based") testing and fully automatic test case minimization ("shrinking")