1956 Open source projects that are alternatives of or similar to Osmedeus

WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Web Recon & Exploitation Tool.

Do some quick reconnaissance on a domain-based web-application

Official Black Hat Arsenal Security Tools Repository

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

Advanced and easy to use penetration testing framework 💣🔎

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

It's a Docker Environment for pentesting which having all the required tool for VAPT.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

XSHOCK Shellshock Exploit

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Python 3.5+ DNS asynchronous brute force utility

Nmap and NSE command line wrapper in the style of Metasploit

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

🔎 Find usernames across social networks

This repository created for personal use and added tools from my latest blog post.

Information gathering tool - OSINT

Yet Another PHP Shell - The most complete PHP reverse shell

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🤖 The Modern Port Scanner 🤖

Web application vulnerability scanner

In-depth Attack Surface Mapping and Asset Discovery

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Enumerate information from NTLM authentication enabled web endpoints 🔎

Social media hunter

OSINT Tool: Generate username lists for companies on LinkedIn

🔎 Hunt down social media accounts by username across social networks

E-mails, subdomains and names Harvester - OSINT

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

BugBounty Tool

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

无状态子域名爆破工具

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Dark Web OSINT Tool

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

An OSINT Metadata analyzing tool that filters through tags and creates reports

Weaponizing Live CT logs for automated monitoring of assets

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Multi OTP Spam Amp/Paralell threads

Hunt down the secrets from the WebArchives for Fun and Profit

List of Awesome Asset Discovery Resources

The Offensive Manual Web Application Penetration Testing Framework.

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB.

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

OnionSearch is a script that scrapes urls on different .onion search engines.

A tool to hunt for publicly accessible DigitalOcean Spaces

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Offensive tools as Dockerfiles. Lightweight & Ready to go

Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock