1264 Open source projects that are alternatives of or similar to Burpsuite Xkeys

Attack Surface Management Platform | Sn1perSecurity LLC

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Useful tools and scripts during Penetration Testing engagements

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

A wrapper for Nmap to quickly run network scans

Advanced Web Shell

SSRF (Server Side Request Forgery) testing resources

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Semi-automatic OSINT framework and package manager

HackBar plugin for Burpsuite

CVE-2016-8610 (SSL Death Alert) PoC

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Powerful plugins and add-ons for hackers

Penetration Testing notes, resources and scripts

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Ruby on Rails Phishing Framework

A simple keylogger for Windows, Linux and Mac

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Dark Web OSINT Tool

A tool to test security of json web token

Simple multi threaded tool to extract domain related data from commoncrawl.org

📡 A python program to create a fake AP and sniff data.

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Burp extension to passively scan for applications revealing software version numbers

A simple dns resolver of dns-record and web-record log server for pentesting

Privilege Escalation Enumeration Script for Windows

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Burp Suite extension to passively scan for applications revealing server error messages

Micro-framework for rapid development of reusable security tools

Linux enumeration tool for pentesting and CTFs with verbosity levels

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

XSHOCK Shellshock Exploit

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Burp Bounty profiles compilation, feel free to contribute!

An OSINT tool to gather information about the real owner of a phone number

The best Hacking and PenTesting tools installer on the world

An extensible application for penetration testers and software developers to decode/encode data into various formats.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Browse and search through nmap's NSE scripts.

Fast browser-based network discovery module

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Venom - A Multi-hop Proxy for Penetration Testers

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer