228 Open source projects that are alternatives of or similar to Fortiscan

Securify v2.0

Auto Scanning to SSL Vulnerability

A curated list of awesome baseband research resources

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Apache Solr Injection Research

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Penetration Testing Platform

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

A vulnerability scanner for container images and filesystems

Create actionable data from your Vulnerability Scans

IoT 固件漏洞复现环境

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Asynchronous Python implementation of SlowLoris DoS attack

Vulners Python API wrapper

Test a host for susceptibility to CVE-2019-19781

Joint Advanced Defect assEsment for android applications

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Vulnerability Labs for security analysis

(deprecated) Android application vulnerability analysis and Android pentest tool

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

A few SQL and XSS attack tools

Exploiting Edge's read:// urlhandler

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Reverse Shell as a Service

An implementation of the waithax / slowhax 3DS Kernel11 exploit.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

burpsuite extension for check unauthorized vulnerability

Log4j Vulnerability Scanner for Windows

SQL Vulnerability Scanner

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

My fuzzing corpus

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

👨‍💻 A work-in-progress web services mass scanner written in Rust

The Correlated CVE Vulnerability And Threat Intelligence Database API

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

XSS in pastebin.com and reddit.com via unsanitized markdown output

🎯 Command Injection Payload List

Powerful dork searcher and vulnerability scanner for windows platform

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Safari local file reader

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

A web crawler (for bug hunting) that gathers more than you can imagine.

Penetration tests guide based on OWASP including test cases, resources and examples.

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档