2323 Open source projects that are alternatives of or similar to Dirsearch

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Multi source CVE/exploit parser.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

CMS Detection and Exploit Kit based on Whatcms.org API

Related subdomains finder

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By init__0 for termux on android

Ruby on Rails Phishing Framework

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Http request smuggling vulnerability scanner

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Obtain GraphQL API Schema even if the introspection is not enabled

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

Patch iOS Apps, The Easy Way, Without Jailbreak.

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

🤖 The Modern Port Scanner 🤖

Mass querying whois records

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Damn Vulnerable Web Application (DVWA)

WordPress pentest tool

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Chromepass - Hacking Chrome Saved Passwords

Go library for credentials recovery

goverview - Get an overview of the list of URLs

Totally Insecure Web Application Project (TIWAP)

Python3 tool to perform password spraying using RDP

run AFL with pintool

Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Simple HS256 JWT token brute force cracker

This document proposes a way of standardising the structure, language, and grammar used in security policies.

JSON RSA to HMAC and None Algorithm Vulnerability POC

Open Redirect Payloads

🔑 Hash type identifier (CLI & lib)

Astra is a tool to find URLs and secrets inside a webpage/files

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Making Favicon.ico based Recon Great again !

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Log any method call of object in Objective-C

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Full Nuclei automation script with logic explanation.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Web application vulnerability scanner

My personal bug bounty toolkit.

🌒 Shell command obfuscation to avoid detection systems

Automated script to run all modules for a specified list of domains, netblocks or company name

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Captive wifi hotspot bypass tool for Linux

Wordpress Attack Suite

My own OSCP guide

Some good resources for getting started with application security

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

A Python Tool For google Hacking

w3af: web application attack and audit framework, the open source web vulnerability scanner.