1630 Open source projects that are alternatives of or similar to Bulwark

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Next generation web scanner

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Centralize Vulnerability Assessment and Management for DevSecOps Team

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

🎯 RFI/LFI Payload List

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Web path scanner

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

🆕 The Multi-Tool Web Vulnerability Scanner.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Full Nuclei automation script with logic explanation.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A note-taking macOS app for penetration-testers.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Python 3.5+ DNS asynchronous brute force utility

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Exploit Pack -The next generation exploit framework

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Open-Source Security Architecture | 开源安全架构

The Shadow Attack Framework

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

EmbedOS - Embedded security testing virtual machine

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Go-deliver is a payload delivery tool coded in Go.

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Dump exposed HTTP .git fast

Find web directories without bruteforce

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

无状态子域名爆破工具

Empire HTTP(S) C2 redirector setup script

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

The Swiss Army knife for automated Web Application Testing

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.