503 Open source projects that are alternatives of or similar to H1domains

Qualys sslabs-scan utility in a tiny docker image

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Intelligence and Reconnaissance Package/Bundle installer.

红队综合渗透框架

kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。

Drone pentesting framework console

A repository of tools for pentesting of restricted and isolated environments.

Automated Mass Exploiter

Tools to automate and/or expedite response.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

AWS Identity and Access Management Visualizer and Anomaly Finder

Penetration Testing notes, resources and scripts

A repository of sysmon configuration modules

The dum^H^H^Hsimplest encryption tool in the world.

Patch-level verification for Bundler

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

OWASP Threat Dragon with Gitlab Integration

Simple script that checks a domain for email protections

Read local Chrome cookies without root or decrypting

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

Local Exploit for Meltdown

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Automated NoSQL database enumeration and web application exploitation tool.

Public append-only ledger microservice built with Slim Framework

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

🚀 Fast Port Scanner 🚀

Convolutional neural network for analyzing pentest screenshots

Forseti Security

hacker, ready for more of our story ! 🚀

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e

A set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance.

EmbedOS - Embedded security testing virtual machine

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Official Black Hat Arsenal Security Tools Repository

@viva_las_venus -- This project is to learn, teach and awareness about privacy and security in the digital life, to build a better, more open and more inclusive world together!

Friends don't let friends leak secrets on their terminal window 🙈

End-To-End File & Message Encryption For Discord

Hunt down the secrets from the WebArchives for Fun and Profit

Dark Web OSINT Tool

myscan 被动扫描

Kali Linux 工具合集中文说明书

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Generalized proof of concept tool which can be used for drop-in bruteforce protection when needed.

A JWT (JSON Web Token) Encoder & Decoder

Python low-interaction honeyclient

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Endpoint detection & Malware analysis software

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告

Linting tool for CloudFormation templates

protocol fuzzing toolkit