490 Open source projects that are alternatives of or similar to Fsf

YARA malware query accelerator (web frontend)

Extract and aggregate threat intelligence.

Trigram database written in C++, suited for malware indexing

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

Ansible role to apply a security baseline. Systemd edition.

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

AWS Identity and Access Management Visualizer and Anomaly Finder

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Patch-level verification for Bundler

Search exposed EBS volumes for secrets

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

Python script to decode common encoded PowerShell scripts

Yara integrated software to handle archive file data.

Reverse shell generator written in Python 3.

Fuzz your Rust code with Google-developed Honggfuzz !

APT & CyberCriminal Campaign Collection

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A static analysis tool for security

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

安全编排与自动化响应平台

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Citizen Lab Malware Reports

A ZigBee hacking toolkit by Bishop Fox

IOC from articles, tweets for archives

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

No description, website, or topics provided.

Open source application to instantly remediate common security issues through the use of AWS Config

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Official Black Hat Arsenal Security Tools Repository

memory search and patch tool on debuggable apk without root & ndk

CMS/LMS/Library etc Versions Fingerprinter

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Endpoint detection & Malware analysis software

PoC code from DEF CON 25 presentation

Advanced and easy to use penetration testing framework 💣🔎

Light NodeJS rate limiting and response delaying using Redis - including Express middleware.

Extract uncompiled, uncompressed SPA code from Webpack source maps.

Cameradar hacks its way into RTSP videosurveillance cameras

Intelligence and Reconnaissance Package/Bundle installer.

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

A Virtual environment for Pentesting IoT Devices

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Find cloud assets that no one wants exposed 🔎 ☁️

zBang is a risk assessment tool that detects potential privileged account threats

Collecting & Hunting for IOCs with gusto and style

Go bindings for YARA

Awesome Java Security Resources 🕶☕🔐

A Go implementation of dirsearch.

ContainerSSH: Launch containers on demand

Android library to reveal or obfuscate strings and assets at runtime

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Ghidra Analysis Enhancer 🐉

.NET runtime inspector

Linux privilege escalation auditing tool