663 Open source projects that are alternatives of or similar to Natlas

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

Offensive Security recon tool

apkizer is a mass downloader for android applications for all available versions.

GitHub Recon — and what you can achieve with it!

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Automated Web Recon Shell Scripts

Octopus - Network Scan/Infos & Web Scan

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Change monitoring app that checks the content of web pages in different periods.

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

An automated target reconnaissance pipeline.

Tool to automate recon

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

🤖 The Modern Port Scanner 🤖

network reconnaissance toolkit

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

👀 Some of my favorite OSINT tools.

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

asnap aims to render recon phase easier by providing updated data about which companies owns which ipv4 or ipv6 addresses and allows the user to automate initial port and service scanning.

OSINT

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

A collection of all the data i could extract from 1 billion leaked credentials from internet.

A collected list of awesome security talks

Search Nmap and Metasploit scanning scripts.

EKOLABS esta dedicada para investigadores independientes y para la comunidad del Software Libre. Vamos a proveer de stands completos con monitor, alimentacion de energia y acceso a internet por cable, y vos vas a traer tu maquina para mostrar tu trabajo y responder preguntas de los participantes de Ekoparty Security Conference

[DEPRECATED] Enables remote scanning in WiFi Explorer Pro

Dorothy is a tool to test security monitoring and detection for Okta environments

Extract subdomains from SSL certificates in HTTPS sites.

🎯 XML External Entity (XXE) Injection Payload List

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Misc. Public Reports of Penetration Testing and Security Audits.

DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Parse nmap scan data with Perl (official repo)

The fastest dork scanner written in Go.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

A very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Advanced Graphical User Interface for NMap

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Awesome cloud enumerator

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Designed to be installed on a fresh install of raspbian on a raspberry pi, by combining Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, this tool allows you to detect an attacker on the network quickly by weeding out general noisy alerts with only those that matter.

List of my talks and workshops: security engineering, applied cryptography, secure software development

Writeups of CTF challenges

nmap service and application version detection (without nmap installation)