927 Open source projects that are alternatives of or similar to Cc.py

Intelligence tool but without API key

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

OSINT

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Do some quick reconnaissance on a domain-based web-application

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

Making Favicon.ico based Recon Great again !

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Automated All-in-One OS Command Injection Exploitation Tool.

Automatically Launch Google Hacking Queries Against A Target Domain

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

OSINT Tool: Generate username lists for companies on LinkedIn

Semi-automatic OSINT framework and package manager

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Simple multi threaded tool to extract domain related data from commoncrawl.org

Rockyou for web fuzzing

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

a recon tool that allows searching on URLs that are exposed via shortener services

Dump exposed HTTP .git fast

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

A tool to hunt for publicly accessible DigitalOcean Spaces

A passive subdomain finder

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Tool to automate common OSINT tasks

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Sifter aims to be a fully loaded Op Centre for Pentesters

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A Powerful Subdomain Takeover Tool

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Mining parameters from dark corners of Web Archives

An OSINT tool to find contacts in order to report security vulnerabilities.

Web path scanner

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Python 3.5+ DNS asynchronous brute force utility

my oscp prep collection

A Python3 based single-file subdomain enumerator

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Subdomain Takeover tool written in Go

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Burp Suite extension to discover assets from HTTP response.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Python library and CLI for the Bug Bounty Recon API

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Intelligence and Reconnaissance Package/Bundle installer.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

swiss army knife for hackers

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.