533 Open source projects that are alternatives of or similar to Bluespawn

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Convolutional neural network for analyzing pentest screenshots

YARA malware query accelerator (web frontend)

C2/post-exploitation framework

The Hunting ELK

A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Collection of PowerShell network security scripts for system administrators.

Exploit Pack -The next generation exploit framework

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

IAST 灰盒扫描工具

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Automated cacert.pem management for PHP projects

Username enumeration and password spraying tool aimed at Microsoft O365.

SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

一行代码检测XP/调试/多开/模拟器/root

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Powerful Visual Subdomain Enumeration at the Click of a Mouse

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Cloud Discovery provides a point in time enumeration of all the cloud native platform services

Linux privilege escalation auditing tool

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Lightweight File Integrity Monitoring Tool

Awesome hacking is an awesome collection of hacking tools.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Hardening Ubuntu. Systemd edition.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

CMS/LMS/Library etc Versions Fingerprinter

A CLI tool for automating the importing, securing and usage of NordVPN (and in the future, more) OpenVPN servers through NetworkManager.

My personal experience in Threat Hunting and knowledge gained so far.

Work in progress firewall for Linux syscalls, written in Rust

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Web Application recon automation

Leverage Sophos Central API

EmbedOS - Embedded security testing virtual machine

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

A static analysis tool for security

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Collaborative malware analysis framework

zBang is a risk assessment tool that detects potential privileged account threats

HackerOne "in scope" domains

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.