899 Open source projects that are alternatives of or similar to H2csmuggler

The Swiss Army knife for automated Web Application Testing

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

protocol fuzzing toolkit

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

An automated target reconnaissance pipeline.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

A Blazing fast Security Auditing tool for Kubernetes

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Common password pattern generator using strings list

A note-taking macOS app for penetration-testers.

Web Application recon automation

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Cameradar hacks its way into RTSP videosurveillance cameras

Tool made to automate tasks of pentesting.

This repository created for personal use and added tools from my latest blog post.

Related subdomains finder

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Little Bug Bounty & Hacking Tools⚔️

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Webshell Manager

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A curated list of various bug bounty tools

DNS-Discovery is a multithreaded subdomain bruteforcer.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Automated NoSQL database enumeration and web application exploitation tool.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Find cloud assets that no one wants exposed 🔎 ☁️

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Awesome cloud enumerator

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Pentest: Subdomains enumeration tool for penetration testers.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Turn your VPS into an attack box

all manner of wordlists

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Information Security Library

goverview - Get an overview of the list of URLs

A collection of some of my scripts

sub domain wild card filtering tool

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

This document proposes a way of standardising the structure, language, and grammar used in security policies.

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

XSS in pastebin.com and reddit.com via unsanitized markdown output

Misc. Public Reports of Penetration Testing and Security Audits.

An OSINT Metadata analyzing tool that filters through tags and creates reports

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Dashboard to collect, analyze, and respond to reported phishing emails.