1048 Open source projects that are alternatives of or similar to Htrace.sh

Now WebAssembly has proper testing, unit-testing and debugging 🤗

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Nmap NSE scripts

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

My collection of nmap nse modules

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

network visualization & vulnerability management/reporting

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Nmap and NSE command line wrapper in the style of Metasploit

Web Net Tools is a web frontend for some useful command line tooling. It provides especially an web frontend for tools like testssl.sh and nmap.

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

This repository created for personal use and added tools from my latest blog post.

Advanced vulnerability scanning with Nmap NSE

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

🤖 The Modern Port Scanner 🤖

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

HTTP requests collector to test webhooks, notifications, REST clients and more ...

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Automatic Enumeration Tool based in Open Source tools

Next generation web scanner

Web-based Source Code Vulnerability Scanner

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A Comprehensive Coverage Testing System for The Go Programming Language

A tool for identifying misconfigured CloudFront domains

Collaborative malware analysis framework

secureCodeBox (SCB) - continuous secure delivery out of the box

Help building an adaptive and fine-grained pod security policy

The PHP Unit Testing framework.

OSINT

Man pages for HTTP status codes

A Deep Graph-based Toolbox for Fraud Detection

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Automatically generate Go test boilerplate from your source code.

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

An automated target reconnaissance pipeline.

A system that may trick hackers. 一个也许能骗到黑客的系统。

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

A curated collection of awesome blog articles, books, talks, podcasts, tools/frameworks and examples.

中国最大的API接口管理平台，3.x开源发行版，支持多国语言[英语、简体中文、繁体中文]

Search for Directory Traversal Vulnerabilities

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Android app to create home screen shortcuts that trigger arbitrary HTTP requests

Padrino is a full-stack ruby framework built upon Sinatra.

🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

🚀 A Simple API Gateway for Building Security and Flexible Microservices.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Bandit is a tool designed to find common security issues in Python code.

Powerful, elegant and flexible test framework for Kotlin with additional assertions, property testing and data driven testing

NERVE Continuous Vulnerability Scanner

Modlishka. Reverse Proxy.

Credentials catching honeypot