224 Open source projects that are alternatives of or similar to Burp Molly Scanner

Randomly test state machines (such as your UI) by randomly navigating through transitions

Safety checks your installed dependencies for known security vulnerabilities

Python2编写的struts2漏洞全版本检测和利用工具

A Ruby test adapter extension for the VS Code Test Explorer

HackBar plugin for Burpsuite

Automate the creation of Python Selenium Scripts by drawing coloured boxes on webpage elements

Discover Your Attack Surface!

PHP malware detector

A jasmine reporter that produces an easy to use html report to analyze protractor test results.

Main Repository. Report Portal starts here - see readme below.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Appium template for android testing training

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

UI test automation library for QtQuick/QML Apps

Security checks pack for Burp Suite

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

OpenSourceTest由自动化测试-夜行者社区维护，提供的是更多地灵活性和可配置性

End-to-end testing framework written in Node.js and using the Webdriver API

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

SQL Vulnerability Scanner

A Burp Extender for checking for struts 2 RCE vulnerabilities.

Find secrets and passwords in container images and file systems

All-in-one tool for managing vulnerability reports from AppSec pipelines

A demonstration repository explains how to using Puppeteer in unit testing

Advanced dork Search & Mass Exploit Scanner

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

A curated list of vulnerable web applications.

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

SD-WAN security and insecurity

Burp Suite extension to passively scan for applications revealing server error messages

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.

A tool for scanning registery key permissions. Find where non-admins can create symbolic links.

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

Automated Penetration Testing Framework

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Burp extension to passively scan for applications revealing software version numbers

Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

XSSCon: Simple XSS Scanner tool

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Python3编写的CMS漏洞检测框架

ms17_010的批量扫描工具

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

A cross-engine test automation framework based on UI inspection

The Correlated CVE Vulnerability And Threat Intelligence Database API

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

OSS Vulnerability Scanner for Windows Platform

Greenbone Vulnerability Manager

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

A UiAutomator on android, does not need root access(安卓平台上的JavaScript自动化工具)

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.