830 Open source projects that are alternatives of or similar to Isthislegit

All-in-one tool for managing vulnerability reports from AppSec pipelines

An OSINT Metadata analyzing tool that filters through tags and creates reports

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Infection Monkey - An automated pentest tool

A Blazing fast Security Auditing tool for Kubernetes

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Python script to hunt phishing kits

Webshell Manager

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

DeimosC2 is a Golang command and control framework for post-exploitation.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Most usable tools for iOS penetration testing

Simple script that checks a domain for email protections

Monitor Certificate Transparency Logs For Phishing Domains

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Hardening Ubuntu. Systemd edition.

Cameradar hacks its way into RTSP videosurveillance cameras

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

protocol fuzzing toolkit

Common password pattern generator using strings list

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Find cloud assets that no one wants exposed 🔎 ☁️

安全编排与自动化响应平台

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Performing security tests inside your CI

Golang security checker

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A collection of awesome security hardening guides, tools and other resources

a tool to analyze filesystem images for security

A default credential scanner.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

The Swiss Army knife for automated Web Application Testing

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Explore Indicators of Compromise Automatically

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Trigram database written in C++, suited for malware indexing

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

NebulousAD automated credential auditing tool.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Web application vulnerability scanner

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Tool made to automate tasks of pentesting.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

HackerOne "in scope" domains