752 Open source projects that are alternatives of or similar to Modlishka

Advanced and easy to use penetration testing framework 💣🔎

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

Next generation web scanner

Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.

Simple script that checks a domain for email protections

Dashboard to collect, analyze, and respond to reported phishing emails.

MPS is a high-performance HTTP(S) proxy library that supports forward proxies, reverse proxies, man-in-the-middle proxies, tunnel proxies, Websocket proxies. MPS 是一个高性能HTTP(s)中间代理库，它支持正向代理、反向代理、中间人代理、隧道代理、Websocket代理

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

This repository created for personal use and added tools from my latest blog post.

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

🙃 Reverse Shell Cheat Sheet 🙃

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Framework for Man-In-The-Middle attacks

Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

YARA malware query accelerator (web frontend)

Mercure is a tool for security managers who want to train their colleague to phishing.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Web Scan Lazy Tools - Python Package

IAST 灰盒扫描工具

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Automated cacert.pem management for PHP projects

Kubernetes RBAC static Analysis & visualisation tool

DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3

Credentials catching honeypot

An automated target reconnaissance pipeline.

Configurable API gateway that acts as a reverse proxy with a plugin system.

A lightweight microservice tool, turn your grpc|thrift APIs into HTTP APIs!

Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).

一键部署被墙网站反向代理; 免翻墙访问被禁网站

Hetty is an HTTP toolkit for security research.

INFINI-GATEWAY(极限网关), a high performance and lightweight gateway written in golang, for elasticsearch and his friends.

Fast and idiomatic client-driven REST APIs.

NERVE Continuous Vulnerability Scanner

Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

fast reverse-proxy

Web-based Source Code Vulnerability Scanner

Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!

A REST API security testing framework.

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

Search for Directory Traversal Vulnerabilities

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

A tool for identifying misconfigured CloudFront domains

The Staff-Manager App Server for Enterprise Token Safe BOX

Man in the middle using Playwright

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

secureCodeBox (SCB) - continuous secure delivery out of the box

内网穿透，内网穿透代理服务器，商用内网穿透代理系统，内网穿透平台，内网穿透多用户会员系统。