748 Open source projects that are alternatives of or similar to Cyphon

Python script to decode common encoded PowerShell scripts

Explore Indicators of Compromise Automatically

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

A curated list of Site Reliability and Production Engineering resources.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Socioboard is world's first and open source Social Technology Enabler. Socioboard Core is our flagship product.

Golang security checker

HostHunter a recon tool for discovering hostnames using OSINT techniques.

NodeJS Simple Network Scanner

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Drone pentesting framework console

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

DeimosC2 is a Golang command and control framework for post-exploitation.

Attack surface mapping

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

mXtract - Memory Extractor & Analyzer

Attack Surface Management Platform | Sn1perSecurity LLC

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

fireELF - Fileless Linux Malware Framework

Social reading and reviewing, decentralized with ActivityPub

A curated list of tools for incident response

Open Source Tripwire®

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Enumerate and disable common sources of telemetry used by AV/EDR.

Public append-only ledger microservice built with Slim Framework

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Time series monitoring and alerting platform.

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Convolutional neural network for analyzing pentest screenshots

Automated Mass Exploiter

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Python library and CLI for accurately querying username and email usage on online platforms

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

红队综合渗透框架

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

Export Kubernetes events to multiple destinations with routing and filtering

Performing security tests inside your CI

Security scanner coordinator

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

🎖safely* install packages with npm or yarn by auditing them as part of your install process

📕 twtxt is a Self-Hosted, Twitter™-like Decentralised microBlogging platform. No ads, no tracking, your content, your data!

Extract and aggregate threat intelligence.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

network visualization & vulnerability management/reporting

Simple script that checks a domain for email protections

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

a tool to analyze filesystem images for security