441 Open source projects that are alternatives of or similar to Findwebshell

🔐 Open Source Python Keylogger Collection

Open source incident management and response platform.

ContainerSSH: Launch containers on demand

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Open Source Tripwire®

A curated list of various bug bounty tools

a very fast brute force webshell password tool

Source Code Security Audit (源代码安全审计)

mXtract - Memory Extractor & Analyzer

Android Mobile Device Hardening

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Attack surface mapping

This ansible role gets information from an AWS VPC and generate a graphical representation of security groups

Attack Surface Management Platform | Sn1perSecurity LLC

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

A library to check for compromised passwords

Extract and aggregate threat intelligence.

Hyuga 一个用来记录DNS查询和HTTP请求的监控工具。

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

The clever vulnerability dependency finder

fireELF - Fileless Linux Malware Framework

Fuzz your Rust code with Google-developed Honggfuzz !

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Secure, human-friendly, cross-platform secrets and config.

NodeJS Simple Network Scanner

OSS Vulnerability Scanner for Windows Platform

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

DeimosC2 is a Golang command and control framework for post-exploitation.

Open source application to instantly remediate common security issues through the use of AWS Config

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

A set of recipes useful in pentesting and red teaming scenarios

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

A repository of sysmon configuration modules

Enumerate and disable common sources of telemetry used by AV/EDR.

A Blazing fast Security Auditing tool for Kubernetes

Performing security tests inside your CI

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

PoC tool to demonstrate vulnerabilities in wireless input devices

network visualization & vulnerability management/reporting

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Generalized proof of concept tool which can be used for drop-in bruteforce protection when needed.

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A secret manager for AWS

Data leak checker & OSINT Tool

CMS/LMS/Library etc Versions Fingerprinter

Security Knowledge Structure(安全知识汇总)

Collecting & Hunting for IOCs with gusto and style

A toolkit for Security Researchers