503 Open source projects that are alternatives of or similar to H1domains

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

Ghidra Analysis Enhancer 🐉

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Extract uncompiled, uncompressed SPA code from Webpack source maps.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Bash script to audit and fix macOS Catalina (10.15.x) security settings

A Central Control Plane for AWS Permissions and Access

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

Checklist of security precautions for Ruby on Rails applications.

ContainerSSH: Launch containers on demand

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Intelligence and Reconnaissance Package/Bundle installer.

A repository of tools for pentesting of restricted and isolated environments.

AWS Identity and Access Management Visualizer and Anomaly Finder

The dum^H^H^Hsimplest encryption tool in the world.

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Automated NoSQL database enumeration and web application exploitation tool.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

🔐 Security advisories as a simple composer exclusion list, updated daily

Username enumeration and password spraying tool aimed at Microsoft O365.

🚀 Fast Port Scanner 🚀

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Official Black Hat Arsenal Security Tools Repository

Python script to decode common encoded PowerShell scripts

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Contains Attack labs

Open source all-in-one CLI tool to semi-automate pentesting.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

A tool to test security of json web token

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Open source application to instantly remediate common security issues through the use of AWS Config

Find cloud assets that no one wants exposed 🔎 ☁️

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

A ZigBee hacking toolkit by Bishop Fox

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

A note-taking macOS app for penetration-testers.

Fuzz your Rust code with Google-developed Honggfuzz !

A Virtual environment for Pentesting IoT Devices

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Ansible role to apply a security baseline. Systemd edition.

Collecting & Hunting for IOCs with gusto and style

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.

A Go implementation of dirsearch.

一行代码检测XP/调试/多开/模拟器/root

Curated List of Privacy Respecting Services and Software

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Android library to reveal or obfuscate strings and assets at runtime

Powerful Visual Subdomain Enumeration at the Click of a Mouse

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Cloud Discovery provides a point in time enumeration of all the cloud native platform services

Set of tools to audit SIP based VoIP Systems

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Reverse shell generator written in Python 3.

Some of the best web shells that you might need!

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.