347 Open source projects that are alternatives of or similar to CommandGenInterface

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Web path scanner

Presentations at the Tokyo Nixos Meetup

Pentest/BugBounty progress control with scanning modules

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Hydra Hot Potato Player (game)

neural network based speaker embedder

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

Http request smuggling vulnerability scanner

Related subdomains finder

Tool to bypass 40X response codes.

DOES NOT WORK WITH VERSIONS > 0.10.0 - A simple library to help you build node-based identity providers that work with Hydra.

Information Security Library

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

apkizer is a mass downloader for android applications for all available versions.

Swiftly search FDNS datasets from Rapid7 Open Data

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

XSS Payload without Anything.

A service aware router for Hydra Services. Implements an API Gateway and can route web socket messages.

RDF vocabulary and specification

Turn your VPS into an attack box

Hydra-enabled GPU path tracer that supports MaterialX and MDL.

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Toolset for detecting reflected xss in websites

Mass querying whois records

Scan secrets from Continuous Integration Build Logs

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Astra is a tool to find URLs and secrets inside a webpage/files

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

A collection of functions for Hydra

Hyku: A multi-tenant Hyrax application built on the latest and greatest Samvera community components. Brought to you by the Hydra-in-a-Box project partners and IMLS; maintained by the Hyku Interest Group.

Full Nuclei automation script with logic explanation.

Tiny Sentry client with idiomatic wrapper for Angular

Little Bug Bounty & Hacking Tools⚔️

Find endpoints on GitHub.

Signatures for jaeles scanner by @j3ssie

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Fast and customizable vulnerability scanner For JIRA written in Python

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Send notifications on different channels such as Slack, Telegram, Discord etc.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

An Extended, Modulair, Host Discovery Framework

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.

Flexible components pairing 🤗 Transformers with Pytorch Lightning

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Intentionally vulnerable Android application.

Extract endpoints marked as disallow in robots files to generate wordlists.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Unleash the power of cloud

Modified Nuclei Templates Version to FUZZ Host Header

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

This document proposes a way of standardising the structure, language, and grammar used in security policies.