397 Open source projects that are alternatives of or similar to Damn-Vulnerable-Bank

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Information Security Library

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.

🔐 Security advisories as a simple composer exclusion list, updated daily

You didn't think I'd go and leave the blue team out, right?

Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.

Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Malware Sample Sources

Notes Taken for HTB Machines & InfoSec Community.

Astra is a tool to find URLs and secrets inside a webpage/files

Agile Threat Modeling Toolkit

Multi-threaded Padding Oracle attacks against any service. Written in Rust.

Monitoring your Slack workspaces for sensitive information

Threat Hunting queries for various attacks

Find leaked emails with your passwords

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

Tool made to automate tasks of pentesting.

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

Offensive tools as Dockerfiles. Lightweight & Ready to go

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

InfoPath Phishing Repo Resource

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Totally Insecure Web Application Project (TIWAP)

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

The essential toolkit for reversing, malware analysis, and cracking

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

A Deliberately Insecure Web Application

Monitoring GitLab for sensitive data shared publicly

A memorial site for Hackers and Infosec people who have passed

A tool to hunt for publicly accessible DigitalOcean Spaces

goverview - Get an overview of the list of URLs

A permutation generation tool written in golang

Additional Resources For Securing The Stack Tutorials

📡 A python program to create a fake AP and sniff data.

No description or website provided.

An ongoing list of virtual cybersecurity conferences.

Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS

Operational Security utility and automator.

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A schema and set of tools for using SQL to query cloud infrastructure.

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Python bindings for Yeti's API

Exploitation Framework for Embedded Devices

A simple remote tool in C#.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Little Bug Bounty & Hacking Tools⚔️

Script to spider a website and find publicly open S3 buckets

Decode All Bases - Base Scheme Decoder

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

A concise, directive, specific, flexible, and free incident response plan template

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Git folder digger, I'm sure it's worthwhile stuff.

A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau