610 Open source projects that are alternatives of or similar to Cobra

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Linux命令转发记录

Enumeration sub domains(枚举子域名)

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

This ansible role gets information from an AWS VPC and generate a graphical representation of security groups

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Set of tools to audit SIP based VoIP Systems

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

A Go implementation of dirsearch.

A humble, and fast, security-oriented HTTP headers analyzer

A simple tool to detect outdated shared libraries

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

VOIP Security Audit Framework

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Official Black Hat Arsenal Security Tools Repository

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

Web-based Source Code Vulnerability Scanner

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

一键提取安卓应用中可能存在的敏感信息。

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

NodeJS Simple Network Scanner

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Powerful Visual Subdomain Enumeration at the Click of a Mouse

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

A static analysis security vulnerability scanner for Ruby on Rails applications

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Custom memory allocator that helps discover reads from uninitialized memory

Automated NoSQL database enumeration and web application exploitation tool.

Application and Service Fingerprinting

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Anteater - CI/CD Gate Check Framework

Identify hardcoded secrets and dangerous behaviours

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

HackerOne "in scope" domains

Light NodeJS rate limiting and response delaying using Redis - including Express middleware.

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

A high performance offensive security tool for reconnaissance and vulnerability scanning

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Find cloud assets that no one wants exposed 🔎 ☁️

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.

A ZigBee hacking toolkit by Bishop Fox

安全编排与自动化响应平台

😱 从源码层面，剖析挖掘互联网行业主流技术的底层实现原理，为广大开发者 “提升技术深度” 提供便利。目前开放 Spring 全家桶，Mybatis、Netty、Dubbo 框架，及 Redis、Tomcat 中间件等

Collecting & Hunting for IOCs with gusto and style

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A simple tool for interacting with OWASP ZAP from the commandline.

ContainerSSH: Launch containers on demand

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

File Scanning Framework

Fuzz your Rust code with Google-developed Honggfuzz !

proxy poc implementation of STARTTLS stripping attacks