610 Open source projects that are alternatives of or similar to Cobra

安全总是无处不在...

红队综合渗透框架

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Drone pentesting framework console

Reverse shell generator written in Python 3.

Automated Mass Exploiter

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

🎯 Server Side Template Injection Payloads

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

A curated list of various bug bounty tools

Google Cloud Platform Security Tool

nnposter's alternate fingerprint dataset for Nmap script http-default-accounts

A repository of tools for pentesting of restricted and isolated environments.

IotShark - Monitoring and Analyzing IoT Traffic

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Simple script that checks a domain for email protections

Find leaked secrets via github search

Read local Chrome cookies without root or decrypting

Tool for viewing and analyzing execution traces

Golang security checker

A library to check for compromised passwords

Documentation:

Command-line passphrase generator

An NFC research toolkit application for Android

Extract uncompiled, uncompressed SPA code from Webpack source maps.

The dum^H^H^Hsimplest encryption tool in the world.

A command line security audit tool for Amazon Web Services

Awesome Java Security Resources 🕶☕🔐

Convolutional neural network for analyzing pentest screenshots

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

The OWASP ZAP core project

🕵️‍♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Qualys sslabs-scan utility in a tiny docker image

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Secure, human-friendly, cross-platform secrets and config.

A static analysis tool for security

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Search exposed EBS volumes for secrets

nodejsscan is a static security code scanner for Node.js applications.

Kubernetes object analysis with recommendations for improved reliability and security

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools

network visualization & vulnerability management/reporting

🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github

Linux privilege escalation auditing tool

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

A set of recipes useful in pentesting and red teaming scenarios

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

IBM Fully Homomorphic Encryption Toolkit For Linux. This toolkit is a Linux based Docker container that demonstrates computing on encrypted data without decrypting it! The toolkit ships with two demos including a fully encrypted Machine Learning inference with a Neural Network and a Privacy-Preserving key-value search.

An OSINT Metadata analyzing tool that filters through tags and creates reports

Intelligence and Reconnaissance Package/Bundle installer.

Username enumeration and password spraying tool aimed at Microsoft O365.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

🚀 Fast Port Scanner 🚀

The Swiss Army knife for automated Web Application Testing