4903 Open source projects that are alternatives of or similar to Ffuf

Web path scanner

Cameradar hacks its way into RTSP videosurveillance cameras

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Responsive Command and Control System

Windows one line commands that make life easier, shortcuts and command line fu.

🔐 Docker Container for Penetration Testing & Security

Selenium powered Python script to automate searching for vulnerable web apps.

A tool to fastly get all javascript sources/files

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

被动式漏洞扫描系统

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Subdomain Takeover tool written in Go

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A tool to hunt for publicly accessible DigitalOcean Spaces

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Hawkeye filesystem analysis tool

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

ANTLR v4 grammar-based test generator

Port scanning and domain utility.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Extract subdomains from SSL certificates in HTTPS sites.

Hetty is an HTTP toolkit for security research.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Gorsair hacks its way into remote docker containers that expose their APIs

Idiomatic nmap library for go developers

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

🔥 A powerful MongoDB auditing and pentesting tool 🔥

A list to discover work of red team tooling and methodology for penetration testing and security assessment

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

📡 A python program to create a fake AP and sniff data.

Intelligence tool but without API key

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

DeimosC2 is a Golang command and control framework for post-exploitation.

A flexible control server for osquery fleets

Evaluate the security of S3 buckets

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

Git folder digger, I'm sure it's worthwhile stuff.

Awesome cloud enumerator

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

Web Pentesting Fuzz 字典,一个就够了。

This repository contains full code examples from the book Gray Hat C#

🤖 The Modern Port Scanner 🤖

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Dradis Framework: Colllaboration and reporting for IT Security teams

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Extract endpoints from APK files