LynisLynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+943.04%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+232.31%)
RevshellgenReverse shell generator written in Python 3.
Stars: ✭ 190 (-78.31%)
EvilscanNodeJS Simple Network Scanner
Stars: ✭ 428 (-51.14%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-55.59%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+108.22%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-81.51%)
Ssh Mitmssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (-61.76%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (-59.02%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+2.4%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (-11.53%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-75.34%)
Doublepulsar Detection ScriptA python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
Stars: ✭ 977 (+11.53%)
Jsprimea javascript static security analysis tool
Stars: ✭ 556 (-36.53%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (-86.3%)
PbscanFaster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
Stars: ✭ 122 (-86.07%)
Security ScriptsA collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Stars: ✭ 188 (-78.54%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+909.59%)
WsltoolsWeb Scan Lazy Tools - Python Package
Stars: ✭ 288 (-67.12%)
BanditBandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+329.57%)
KatanaA Python Tool For google Hacking
Stars: ✭ 355 (-59.47%)
SalusSecurity scanner coordinator
Stars: ✭ 441 (-49.66%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-40.98%)
ChangemeA default credential scanner.
Stars: ✭ 928 (+5.94%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (-18.38%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-58.56%)
EsdEnumeration sub domains(枚举子域名)
Stars: ✭ 785 (-10.39%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-61.19%)
GitgotSemi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+10.05%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-51.26%)
Pentest ChainsawScrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product
Stars: ✭ 36 (-95.89%)
OssaOpen-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (-9.13%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-88.01%)
GorshA Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
Stars: ✭ 97 (-88.93%)
GsilGitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Stars: ✭ 1,764 (+101.37%)
Intrigue IdentApplication and Service Fingerprinting
Stars: ✭ 70 (-92.01%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+214.84%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-81.51%)
Vulny Code Static AnalysisPython script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-76.37%)
CobraSource Code Security Audit (源代码安全审计)
Stars: ✭ 2,802 (+219.86%)
Salt ScannerLinux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (-70.21%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-71%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+342.12%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (-35.39%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (-2.17%)
ProcuratorSocks5 server and client, utilizing epoll only.
Stars: ✭ 18 (-97.95%)
SecretscannerFind secrets and passwords in container images and file systems
Stars: ✭ 895 (+2.17%)
Nginx Tutorial这是一个 Nginx 极简教程,目的在于帮助新手快速入门 Nginx。
Stars: ✭ 845 (-3.54%)
Proxy ScraperProxy-Scraper is simple Perl script for scraping proxies from multiple websites.
Stars: ✭ 24 (-97.26%)
Node Procedural AsyncWrite procedural style code that runs asynchronously. It may look synchronous, but it's not!
Stars: ✭ 17 (-98.06%)
SwaddleAutomagically create API clients/wrappers in JavaScript
Stars: ✭ 23 (-97.37%)
Deprecated Patrol Rules AwsA set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance.
Stars: ✭ 16 (-98.17%)
Bbc RssBBC iPlayer programmes / Nitro API to RSS adaptor app
Stars: ✭ 10 (-98.86%)
Censys RubyRuby API client for the Censys internet-wide network-scan search engine
Stars: ✭ 8 (-99.09%)