399 Open source projects that are alternatives of or similar to Dufflebag

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Tool made to automate tasks of pentesting.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Android library to reveal or obfuscate strings and assets at runtime

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.

OSS Vulnerability Scanner for Windows Platform

Collection of PowerShell network security scripts for system administrators.

A binary analysis framework

The request.bin of DNS request

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Collecting & Hunting for IOCs with gusto and style

Username enumeration and password spraying tool aimed at Microsoft O365.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

A tool to test security of json web token

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

A note-taking macOS app for penetration-testers.

Hyuga 一个用来记录DNS查询和HTTP请求的监控工具。

Curated List of Privacy Respecting Services and Software

Some of the best web shells that you might need!

Set of tools to audit SIP based VoIP Systems

A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools

A Central Control Plane for AWS Permissions and Access

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Exein core for Linux based firmware

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

A ZigBee hacking toolkit by Bishop Fox

The full story of the CLR implementation of Meterpreter

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

The dum^H^H^Hsimplest encryption tool in the world.

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

Automated NoSQL database enumeration and web application exploitation tool.

Hashcat web interface

🚀 Fast Port Scanner 🚀

A Go implementation of dirsearch.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

End-To-End File & Message Encryption For Discord

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Tool for viewing and analyzing execution traces

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

一行代码检测XP/调试/多开/模拟器/root

Custom memory allocator that helps discover reads from uninitialized memory

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Cloud Discovery provides a point in time enumeration of all the cloud native platform services

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Exploit management framework

Intelligence and Reconnaissance Package/Bundle installer.

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

Find cloud assets that no one wants exposed 🔎 ☁️

NebulousAD automated credential auditing tool.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.