707 Open source projects that are alternatives of or similar to Backfuzz

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Dashboard to collect, analyze, and respond to reported phishing emails.

Webshell Manager

A default credential scanner.

Common password pattern generator using strings list

Tool made to automate tasks of pentesting.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Most usable tools for iOS penetration testing

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

DeimosC2 is a Golang command and control framework for post-exploitation.

The Swiss Army knife for automated Web Application Testing

Cameradar hacks its way into RTSP videosurveillance cameras

A Blazing fast Security Auditing tool for Kubernetes

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Find cloud assets that no one wants exposed 🔎 ☁️

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A collection of awesome security hardening guides, tools and other resources

An OSINT Metadata analyzing tool that filters through tags and creates reports

All-in-one tool for managing vulnerability reports from AppSec pipelines

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

Telling tales on you for leaking secrets!

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

Awesome Node.js Security resources

OSSSM (awesome). Open source short-term secure messaging

VOIP Security Audit Framework

GitBook: OSCP RoadMap

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

🔐 Open Source Python Keylogger Collection

The clever vulnerability dependency finder

Simplifying Seccomp enforcement in containerized or non-containerized apps

Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Qualys sslabs-scan utility in a tiny docker image

🐛 Malware Sinkhole List in various formats

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

VirusTotal Wanna Be - Now with 100% more Hipster

Secure, human-friendly, cross-platform secrets and config.

Exploitation Framework for Embedded Devices

A security monitoring solution for Kubernetes

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

Tools to automate and/or expedite response.

A curated list of various bug bounty tools

A set of recipes useful in pentesting and red teaming scenarios

Responsive Command and Control System

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Python Ransomware Tutorial - YouTube tutorial explaining code + showcasing the ransomware with victim/target roles

A repository of sysmon configuration modules

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats