903 Open source projects that are alternatives of or similar to Oneforall

Evildork targeting your fiancee👁️

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

Iota is a web scraper which can find all of the images and links/suburls on a webpage

Collection of best practices to add OSINT into MISP and/or MISP communities

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Converting data from services like Censys and Shodan to a common data model

A tool for generating reverse shell payloads on the fly.

open-source intelligence gathering for SIEMs <3

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

🦄🔒 Awesome list of secrets in environment variables 🖥️

onedrive user enumeration - pentest tool to enumerate valid onedrive users

The Most Powerful Fake Page Redirecting tool...

sub domain wild card filtering tool

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

Search shodan without any knowledge about its queries

Unofficial WhatCMS API package

Ansible Playbook for setting up Datasploit

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Toolset for detecting reflected xss in websites

A Gatsby plugin which adds strict Content Security Policy to your project.

findCDN is a tool created to help accurately identify what CDN a domain is using.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Search for Directory Traversal Vulnerabilities

Automated Google dorking with custom search engines

The fastest dork scanner written in Go.

Infosec Wordlists

a Go code to detect leaks in JS files via regex patterns

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Rustcat(rcat) - The modern Port listener and Reverse shell

Collect email addresses by crawling search engine results.

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Manages application of security headers with many safe defaults

Uses viewdns.info to perform a reverse NS lookup on a specified nameserver and attempts zone transfers on discovered domains

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Para pencari bug / celah kemanan bisa bergabung.

This Python script can be used to bypass IP source restrictions using HTTP headers.

Quick SQL Scanner, Dorker, Webshell injector PHP

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Nuclei Templates to reproduce Cracking the lens's Research

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

🔎 Find usernames across social networks.

A collection of useful links for Pentesters

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)

Framework for rapid development and reusable of security tools

Small but effective wordlist for brute-forcing and discovering hidden things.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

Simple and lightweight Koa middleware to handle multilevel and wildcard subdomains

Ruby based reverse IP-lookup tool.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

🖖 Fast, modern, easy-to-use network scanner

Unofficial Command Line Interface for OpenCorporates

HTTP fuzzer engine security oriented

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Advanced Search for Twitter.

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Maltego compilation of various assets, local transforms and helpful scripts