830 Open source projects that are alternatives of or similar to Isthislegit

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

PROFESSIONAL TOOL ORIENTED IN THE RECREATION OF PHISHING WEBSITES SCENARIOS

AWS Identity and Access Management Visualizer and Anomaly Finder

Office for Mac Macro Payload Generator

Agile Threat Modeling Toolkit

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Endpoint detection & Malware analysis software

Erlang port of famous radamsa fuzzzer.

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Visualize network topologies and collect graph statistics based on pcap files

Username enumeration and password spraying tool aimed at Microsoft O365.

Micro-framework for rapid development of reusable security tools

A collection of public offensive and defensive security related scripts for InfoSec students.

It's a simple tool for test vulnerability shellshock

🔱 [ Phishing Made Easy ] 🔱 (In Beta)

pentest framework

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Your Everyday Threat Intelligence

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest

OWASP Honeypot, Automated Deception Framework.

light weight phishing framework with 18+ pages.

Tool to predict attacker groups from the techniques and software used

Wireshark Cheat Sheet

PacBot (Policy as Code Bot)

Generate Professional Phishing Emails Fast And Easy

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Open source all-in-one CLI tool to semi-automate pentesting.

An ncurses-based Tox client (please make pull requests on the development fork: https://github.com/toktok/toxic)

Extract uncompiled, uncompressed SPA code from Webpack source maps.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Distributed alerting for the masses!

Awesome Java Security Resources 🕶☕🔐

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Search exposed EBS volumes for secrets

A static analysis tool for security

Hawkeye filesystem analysis tool

OSSSM (awesome). Open source short-term secure messaging

Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

A Machine Learning approach for classifying a file as Malicious or Legitimate

An experimental phishing kit detection tool

PHP安全SDK及编码规范

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Monitoring GitLab for sensitive data shared publicly

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Intelligence and Reconnaissance Package/Bundle installer.

Build A GUI For Xray，给Xray造一个GUI控制端。

A note-taking macOS app for penetration-testers.

ESLint security plugin for Node.js

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Exploitation Framework for Embedded Devices

Exein core for Linux based firmware

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Monitoring your Slack workspaces for sensitive information

A PowerShell armoury for penetration testers or other random security guys

Phishing Campaign Toolkit