397 Open source projects that are alternatives of or similar to Damn-Vulnerable-Bank

Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

Malware Sample Sources

Astra is a tool to find URLs and secrets inside a webpage/files

Multi-threaded Padding Oracle attacks against any service. Written in Rust.

Threat Hunting queries for various attacks

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

InfoPath Phishing Repo Resource

Totally Insecure Web Application Project (TIWAP)

The essential toolkit for reversing, malware analysis, and cracking

A Deliberately Insecure Web Application

A memorial site for Hackers and Infosec people who have passed

goverview - Get an overview of the list of URLs

Additional Resources For Securing The Stack Tutorials

No description or website provided.

Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

A schema and set of tools for using SQL to query cloud infrastructure.

Python bindings for Yeti's API

A simple remote tool in C#.

Little Bug Bounty & Hacking Tools⚔️

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Nozzlr is a bruteforce framework, trully modular and script-friendly

Monitoring GitHub for sensitive data shared publicly

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Oversecured Vulnerable iOS App

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Side-channel file transfer between independent VMs or processes executed on the same physical host.

Collection of several DDos tools.

🖖 Fast, modern, easy-to-use network scanner

An integrated tool and a collection of snippets which helps in the various aspects of the terminal.

CLI to interact with Kondukto

Scan installed EDRs and AVs on Windows

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

SEC分布式资产扫描系统

all manner of wordlists

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Personal security checklist for securing your devices and accounts.

A support library for Ronin. Like activesupport, but for hacking!

Django application that performs SAST and Malware Analysis for Android APKs

OSINT Project

A Blazing fast Security Auditing tool for Kubernetes

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

unix wildcard attacks

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Sandboxed Wrapper for Node.js File System API

This document proposes a way of standardising the structure, language, and grammar used in security policies.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Script to spider a website and find publicly open S3 buckets

Swiss army knife for identifying and fingerprinting Android devices.

A concise, directive, specific, flexible, and free incident response plan template

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Git folder digger, I'm sure it's worthwhile stuff.