889 Open source projects that are alternatives of or similar to Leakscraper

A tool to hunt for publicly accessible DigitalOcean Spaces

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Data leak checker & OSINT Tool

Selenium powered Python script to automate searching for vulnerable web apps.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Burp Suite extension to discover assets from HTTP response.

Tactics, Techniques, and Procedures

Python 3.5+ DNS asynchronous brute force utility

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

E-mails, subdomains and names Harvester - OSINT

OSINT Tool: Generate username lists for companies on LinkedIn

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Red Teaming Tactics and Techniques

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

This repository contains full code examples from the book Gray Hat C#

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

🚀 Fast Port Scanner 🚀

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

The all-in-one Red Team extension for Web Pentester 🛠

A passive subdomain finder

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

Twitter Intelligence OSINT project performs tracking and analysis of the Twitter

Test Blue Team detections without running any attack.

#OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Code from Blackhat Python book

Awesome Nmap Grep

⚠️WARNING: This project now become part of https://github.com/j3ssie/Metabigor project

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

AWS Identity and Access Management Visualizer and Anomaly Finder

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

PowerShell module for KeePass

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

[POC] Asynchronous reverse shell using the HTTP protocol.

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

A Virtual environment for Pentesting IoT Devices

web-based OSINT and reconaissance toolkit

Yar is a tool for plunderin' organizations, users and/or repositories.

fully automated pentesting tool

Hawkeye filesystem analysis tool

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

OSINT username checker. Collect a dossier on a person by username from a huge number of sites.

Linux and Windows shellcode enrichment utility

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A unified console to perform the "kill chain" stages of attacks.

🔐 Docker Container for Penetration Testing & Security

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Modules for expansion services, import and export in MISP

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.

RubberDucky like payloads for DigiSpark Attiny85

Don't Just Search OSINT. Sweep It.

An OSINT tool to find contacts in order to report security vulnerabilities.