1036 Open source projects that are alternatives of or similar to Nightingale

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Yet Another PHP Shell - The most complete PHP reverse shell

Little Bug Bounty & Hacking Tools⚔️

Web path scanner

One-click installer for Frida and Burp certs for SSL Pinning bypass

Attack Surface Management Platform | Sn1perSecurity LLC

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A tool to test security of json web token

Credentials Checking Framework

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Multi source CVE/exploit parser.

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A list of web application security

Pentest: Subdomains enumeration tool for penetration testers.

A Tool for Domain Flyovers

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Penetration test Achieve Knowledge Unite Rapid Interface

Python script wrote to automate the process of generating various reverse shells.

Domain name permutation engine written in Go

My personal bug bounty toolkit.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Automated NoSQL database enumeration and web application exploitation tool.

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

备考 OSCP 的各种干货资料/渗透测试干货资料

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

🔐 Docker Container for Penetration Testing & Security

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Awesome Vulnerable Applications

A wrapper for Nmap to quickly run network scans

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

The LAZY script will make your life easier, and of course faster.

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

PowerShell payload generator

🔑 Hash type identifier (CLI & lib)

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Work in progress...

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Extract endpoints marked as disallow in robots files to generate wordlists.

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Quick SQL Scanner, Dorker, Webshell injector PHP

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

JSON RSA to HMAC and None Algorithm Vulnerability POC

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

Related subdomains finder

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Boxer: A fast directory bruteforce tool written in Python with concurrency.