947 Open source projects that are alternatives of or similar to Garud

Automated script to run all modules for a specified list of domains, netblocks or company name

Do some quick reconnaissance on a domain-based web-application

Security tool to quickly audit Public Box files and folders.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Discover Your Attack Surface!

🆕 The Multi-Tool Web Vulnerability Scanner.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A fast http and https prober, to check which URLs are alive

Making Favicon.ico based Recon Great again !

An automated approach to performing recon for bug bounty hunting and penetration testing.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Hack the World using Termux

Security Tool to Look For Interesting Files in S3 Buckets

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

A passive subdomain finder

Penetration tests guide based on OWASP including test cases, resources and examples.

A tool to fastly get all javascript sources/files

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Automating XSS using Bash

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Boxer: A fast directory bruteforce tool written in Python with concurrency.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Urls de-duplication tool for better recon.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A simple tool for interacting with OWASP ZAP from the commandline.

Automated Security Testing For REST API's

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Tool for catching and logging different types of requests.

备考 OSCP 的各种干货资料/渗透测试干货资料

Helpful scripts & configuration profiles for the Mac admin community

HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing

Python script wrote to automate the process of generating various reverse shells.

Intercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

SMB Relay Attack Script

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

A repository of tools for pentesting of restricted and isolated environments.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Advanced vulnerability scanning with Nmap NSE

A place where I can create, collect and share tooling, resources and knowledge about information security.

🔺 Red Team Hardware Toolkit 🔺

bash script to facilitate some aspects of an Android application assessment

Intelligence and Reconnaissance Package/Bundle installer.

Default signature for Jaeles Scanner

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Windows Games Launcher for FreeBSD 🎮

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Perform automated network reconnaissance scans

Bashinator: Bash Shell Script Framework

A high performance offensive security tool for reconnaissance and vulnerability scanning