578 Open source projects that are alternatives of or similar to Esd

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Network Security Vulnerability Scanner

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A default credential scanner.

A Machine Learning approach for classifying a file as Malicious or Legitimate

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

Directory/Subdomain scanner developed in GoLang.

Generalized proof of concept tool which can be used for drop-in bruteforce protection when needed.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Simple Golang HTTPS/TLS Examples

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

a javascript static security analysis tool

Source Code Security Audit (源代码安全审计)

Kubernetes RBAC static Analysis & visualisation tool

Bandit is a tool designed to find common security issues in Python code.

🔎 shodansploit > v1.3.0

Secure, Unified, Powerful and Extensible Rust Android Analyzer

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Open-Source Security Architecture | 开源安全架构

Reconnaissance tool of Penetration test & Bug Bounty

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Golang安全资源合集

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Hunt down the secrets from the WebArchives for Fun and Profit

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Application and Service Fingerprinting

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

kube-scan: Octarine k8s cluster risk assessment tool

Python 3.5+ DNS asynchronous brute force utility

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Official Black Hat Arsenal Security Tools Repository

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

InQL - A Burp Extension for GraphQL Security Testing

Web Scan Lazy Tools - Python Package

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Security scanner coordinator

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Light NodeJS rate limiting and response delaying using Redis - including Express middleware.

Web application vulnerability scanner

NodeJS Simple Network Scanner

🆕 The Multi-Tool Web Vulnerability Scanner.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

JAVA安全SDK及编码规范

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.