610 Open source projects that are alternatives of or similar to Cobra

CMS/LMS/Library etc Versions Fingerprinter

🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)

📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

Trigram database written in C++, suited for malware indexing

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A CLI tool for automating the importing, securing and usage of NordVPN (and in the future, more) OpenVPN servers through NetworkManager.

proxy poc implementation of STARTTLS stripping attacks

被动式漏洞扫描系统

🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

USB testing made easy

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

Friends don't let friends leak secrets on their terminal window 🙈

The full story of the CLR implementation of Meterpreter

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

JAVA安全SDK及编码规范

批量漏洞扫描框架

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Hardening Ubuntu. Systemd edition.

EmbedOS - Embedded security testing virtual machine

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

A JWT (JSON Web Token) Encoder & Decoder

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

PoC code from DEF CON 25 presentation

Automatic SQL injection with Charles and sqlmap api

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

Shodan API client

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

Kali Linux 工具合集中文说明书

安全总是无处不在...

Google Cloud Platform Security Tool

nnposter's alternate fingerprint dataset for Nmap script http-default-accounts

A repository of tools for pentesting of restricted and isolated environments.

IotShark - Monitoring and Analyzing IoT Traffic

A collection of awesome security hardening guides, tools and other resources

Simplifying Seccomp enforcement in containerized or non-containerized apps

emba - An analyzer for Linux-based firmware of embedded devices.

Exein core for Linux based firmware

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Common password pattern generator using strings list

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

.NET runtime inspector

Infection Monkey - An automated pentest tool

OSSSM (awesome). Open source short-term secure messaging

The request.bin of DNS request

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

C2/post-exploitation framework

Ansible role to apply a security baseline. Systemd edition.

Documentation:

Command-line passphrase generator

Extract uncompiled, uncompressed SPA code from Webpack source maps.

The dum^H^H^Hsimplest encryption tool in the world.

A command line security audit tool for Amazon Web Services

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

The OWASP ZAP core project

A static analysis tool for security