650 Open source projects that are alternatives of or similar to PandorasBox

Boxer: A fast directory bruteforce tool written in Python with concurrency.

A Docker container for remote penetration testing.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Yet Another PHP Shell - The most complete PHP reverse shell

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Host Header Injection Checker

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

My personal bug bounty toolkit.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Free Security and Hacking eBooks

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A Tool for Domain Flyovers

A MongoDB importer and API for Project Sonars DNS datasets

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Awesome Vulnerable Applications

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Web path scanner

Automated NoSQL database enumeration and web application exploitation tool.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Penetration tests guide based on OWASP including test cases, resources and examples.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Pentest: Subdomains enumeration tool for penetration testers.

Security Tool to Look For Interesting Files in S3 Buckets

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

BugBounty Tool

a Go code to detect leaks in JS files via regex patterns

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

Web App Pen Tester (Web Interface)

XSS in pastebin.com and reddit.com via unsanitized markdown output

One-click installer for Frida and Burp certs for SSL Pinning bypass

Reconness Agents Script

My notes on PentesterLab's Bootcamp series 🕵️

An efficient multi-threaded DNS resolver validator

Pentesting/Bugbounty Dockerfiles.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Do some quick reconnaissance on a domain-based web-application

No description or website provided.

No description or website provided.

Nuubi Tools (Information-ghatering|Scanner|Recon.)

This script will you help to find the information about the website and to help in penetrating testing

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Oracle Database Penetration Testing Reference (10g/11g)

link is a command and control framework written in rust