827 Open source projects that are alternatives of or similar to Minimalistic Offensive Security Tools

A simple tool for interacting with OWASP ZAP from the commandline.

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A collection of Ansible roles for automating infosec builds.

Set of tools to audit SIP based VoIP Systems

Fast Modular Web Interfaces Bruteforcer

Cloud Security Posture Management (CSPM)

Open source all-in-one CLI tool to semi-automate pentesting.

Public PowerShell script gallery for ScriptRunner.

Find leaked secrets via github search

SSH man-in-the-middle tool

A fast web directory/file enumeration tool written in Rust

A collection of manifests that will create pods with elevated privileges.

🚀 Fast Port Scanner 🚀

A tool to test security of json web token

Multi Vagrant environment with Active Directory

This ansible role gets information from an AWS VPC and generate a graphical representation of security groups

Penetration tests guide based on OWASP including test cases, resources and examples.

Send encrypted PGP messages with one click

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Instagram password bruteforcer

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Audit Windows Security with best Practice

Unit testing framework for test driven security of AWS, GCP, Heroku and more.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)

GitBook: OSCP RoadMap

DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A toolkit of AD specific health checks that you can run in your environment to ensure your Active Directory is running optimally.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Awesome hacking is an awesome collection of hacking tools.

Collection of the most common vulnerabilities found in iOS applications

JWT brute force cracker written in C

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Ethereum recon and exploitation tool.

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

The Collective. A repo for a collection of red-team projects found mostly on Github.

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

A wrapper for Nmap to quickly run network scans

A collection of hacking / penetration testing resources to make you better!

A Common User Passwords generator script that looks like the tool Eliot used it in Mr.Robot Series Episode 01 :D :v

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

🔪 Leak git repositories from misconfigured websites

wooyun public information backup

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Penetration test Achieve Knowledge Unite Rapid Interface

Kubernetes Common Configuration Scoring System

The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments

Rate-limiting middleware for Koa2 ES6. Use to limit repeated requests to APIs and/or endpoints such as password reset.

🔄 A collection of mitmproxy inline scripts

An advanced graphical search engine for Exploit-DB

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

A place where I can create, collect and share tooling, resources and knowledge about information security.

Bonobo Git Server for Windows is a web application you can install on your IIS and easily manage and connect to your git repositories. Go to homepage for release and more info.

Don't let buffer overflows overflow your mind