2323 Open source projects that are alternatives of or similar to Dirsearch

My Material for the HITB presentation

👻Impost3r -- A linux password thief

A Handy-Dandy Personal Toolkit for Enumeration and a headstart on attacking a machine!

Automated Pentest Tools Designed For Parrot Linux

Scanner, signatures and the largest collection of Magento malware

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Mutation Based Fuzzer for IEC61850 Server IED'S

Script to spider a website and find publicly open S3 buckets

Information Security Library

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Some good resources for getting started with application security

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities

expansion of afl-unicorn using c++

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Obtain GraphQL API Schema even if the introspection is not enabled

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Http request smuggling vulnerability scanner

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

PyJFuzz - Python JSON Fuzzer

Go library for credentials recovery

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

syzkaller is an unsupervised coverage-guided kernel fuzzer

NetCat for Windows

WinAppDbg Debugger

goverview - Get an overview of the list of URLs

Automated Red Team Infrastructure deployement using Docker

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Totally Insecure Web Application Project (TIWAP)

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.

Git All the Payloads! A collection of web attack payloads.

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Mass querying whois records

WordPress pentest tool

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Advanced Web Shell

This document proposes a way of standardising the structure, language, and grammar used in security policies.

JSON RSA to HMAC and None Algorithm Vulnerability POC

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Full Nuclei automation script with logic explanation.

Astra is a tool to find URLs and secrets inside a webpage/files

🔑 Hash type identifier (CLI & lib)

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Writeups for infosec Capture the Flag events by team Galaxians

Information Gathering tool for a Website or IP address

My personal bug bounty toolkit.

Automated script to run all modules for a specified list of domains, netblocks or company name

🌒 Shell command obfuscation to avoid detection systems

A curated list of awesome infosec courses and training resources.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.