1117 Open source projects that are alternatives of or similar to Metabigor

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A tool to hunt for publicly accessible DigitalOcean Spaces

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Web path scanner

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Selenium powered Python script to automate searching for vulnerable web apps.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Port scanning and domain utility.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Hetty is an HTTP toolkit for security research.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

An OSINT tool to find contacts in order to report security vulnerabilities.

Subdomain Takeover tool written in Go

A Tool for Domain Flyovers

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Do some quick reconnaissance on a domain-based web-application

OSINT

Awesome cloud enumerator

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Related subdomains finder

OSINT Swiss Army Knife

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Links for the OSINT Team

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

XSS in pastebin.com and reddit.com via unsanitized markdown output

This document proposes a way of standardising the structure, language, and grammar used in security policies.

sub domain wild card filtering tool

Nuubi Tools (Information-ghatering|Scanner|Recon.)

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Misc. Public Reports of Penetration Testing and Security Audits.

Python 3.5+ DNS asynchronous brute force utility

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

No description or website provided.

Yet Another PHP Shell - The most complete PHP reverse shell

🦄🔒 Awesome list of secrets in environment variables 🖥️

Idiomatic nmap library for go developers

Extract endpoints from APK files

Astra is a tool to find URLs and secrets inside a webpage/files

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

An advanced tool for email reconnaissance

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

swiss army knife for hackers

Fully automated offensive security framework for reconnaissance and vulnerability scanning

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A MongoDB importer and API for Project Sonars DNS datasets