534 Open source projects that are alternatives of or similar to Bundler Audit

A repository of tools for pentesting of restricted and isolated environments.

Open Source Tripwire®

The clever vulnerability dependency finder

A simple tool for interacting with OWASP ZAP from the commandline.

mXtract - Memory Extractor & Analyzer

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

The dum^H^H^Hsimplest encryption tool in the world.

Drone pentesting framework console

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

ContainerSSH: Launch containers on demand

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

A set of recipes useful in pentesting and red teaming scenarios

Dradis Framework: Colllaboration and reporting for IT Security teams

OWASP Threat Dragon with Gitlab Integration

Extract and aggregate threat intelligence.

A repository of sysmon configuration modules

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Advanced vulnerability scanning with Nmap NSE

fireELF - Fileless Linux Malware Framework

🐞 Primitive Erlang Security Tool

HostHunter a recon tool for discovering hostnames using OSINT techniques.

🚀 Fast Port Scanner 🚀

NodeJS Simple Network Scanner

PoC tool to demonstrate vulnerabilities in wireless input devices

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Advanced and easy to use penetration testing framework 💣🔎

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

Hunt down the secrets from the WebArchives for Fun and Profit

A set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

A JWT (JSON Web Token) Encoder & Decoder

@viva_las_venus -- This project is to learn, teach and awareness about privacy and security in the digital life, to build a better, more open and more inclusive world together!

Explore Indicators of Compromise Automatically

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Forseti Security

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Dark Web OSINT Tool

Security advisory database for Rust crates published through crates.io

📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

Generalized proof of concept tool which can be used for drop-in bruteforce protection when needed.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

OSS Vulnerability Scanner for Windows Platform

protocol fuzzing toolkit

Python low-interaction honeyclient

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Friends don't let friends leak secrets on their terminal window 🙈

myscan 被动扫描

Some of the best web shells that you might need!

Semi-automatic OSINT framework and package manager

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

🕵️‍♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Find exploit tool

Enumeration sub domains(枚举子域名)