1086 Open source projects that are alternatives of or similar to Awesome Nodejs Security

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

🔐 Docker Container for Penetration Testing & Security

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

OWASP Honeypot, Automated Deception Framework.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Pentest Report Generator

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Multi source CVE/exploit parser.

🔑 Hash type identifier (CLI & lib)

Vulnerability Dashboard

Additional Resources For Securing The Stack Tutorials

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Responsive Command and Control System

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

Misc. Public Reports of Penetration Testing and Security Audits.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Dorothy is a tool to test security monitoring and detection for Okta environments

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

Bringing you the best of the worst files on the Internet.

Next generation web scanner

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

VirusTotal Wanna Be - Now with 100% more Hipster

A curated list of awesome infosec courses and training resources.

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Extract subdomains from SSL certificates in HTTPS sites.

Integrates Dependency-Check reports into SonarQube

Snyk's public vulnerability database

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Offensive Reverse Shell (Cheat Sheet)

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A Tool for Domain Flyovers

渗透测试☞经验/思路/总结/想法/笔记

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

🎯 XML External Entity (XXE) Injection Payload List

Selenium powered Python script to automate searching for vulnerable web apps.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A list of web application security

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A concise, directive, specific, flexible, and free incident response plan template

Hershell is a simple TCP reverse shell written in Go.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

OWASP WEB Directory Scanner

OSINT Swiss Army Knife

Most usable tools for iOS penetration testing

A collection of awesome security hardening guides, tools and other resources

A collection of various GitHub gists for hackers, pentesters and security researchers

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

A list of resources for those interested in getting started in bug bounties

An advanced tool for email reconnaissance

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Snoop — инструмент разведки на основе открытых данных (OSINT world)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities