397 Open source projects that are alternatives of or similar to Damn-Vulnerable-Bank

This document proposes a way of standardising the structure, language, and grammar used in security policies.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

A collection of resources/documentation/links/etc to help people learn about Infosec and break into the field.

Script to spider a website and find publicly open S3 buckets

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Bloodhound for Blue and Purple Teams

Hershell is a simple TCP reverse shell written in Go.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🌰 An onion url inspector for inspecting deep web links.

Information Security Library

DeimosC2 is a Golang command and control framework for post-exploitation.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Extract endpoints from APK files

A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.

Idiomatic nmap library for go developers

🔐 Security advisories as a simple composer exclusion list, updated daily

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

You didn't think I'd go and leave the blue team out, right?

Links for the OSINT Team

Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

Snyk's public vulnerability database

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

Malware Sample Sources

Writeups for infosec Capture the Flag events by team Galaxians

Notes Taken for HTB Machines & InfoSec Community.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Astra is a tool to find URLs and secrets inside a webpage/files

Tool to check for dependency confusion vulnerabilities in multiple package management systems

Agile Threat Modeling Toolkit

A list of interesting payloads, tips and tricks for bug bounty hunters.

Multi-threaded Padding Oracle attacks against any service. Written in Rust.

🎯 XML External Entity (XXE) Injection Payload List

Monitoring your Slack workspaces for sensitive information

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Threat Hunting queries for various attacks

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Find leaked emails with your passwords

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

Tool made to automate tasks of pentesting.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

List of my talks and workshops: security engineering, applied cryptography, secure software development

Offensive tools as Dockerfiles. Lightweight & Ready to go

Selenium powered Python script to automate searching for vulnerable web apps.

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

PowerShell framework to assess Azure security

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

A concise, directive, specific, flexible, and free incident response plan template

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Git folder digger, I'm sure it's worthwhile stuff.

A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻