737 Open source projects that are alternatives of or similar to Pentest Chainsaw

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

A default credential scanner.

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Web Scan Lazy Tools - Python Package

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Golang安全资源合集

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

Simple Golang HTTPS/TLS Examples

Dashboard to collect, analyze, and respond to reported phishing emails.

🆕 The Multi-Tool Web Vulnerability Scanner.

DeimosC2 is a Golang command and control framework for post-exploitation.

NodeJS Simple Network Scanner

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Find cloud assets that no one wants exposed 🔎 ☁️

A Blazing fast Security Auditing tool for Kubernetes

Source Code Security Audit (源代码安全审计)

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Web application vulnerability scanner

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Most usable tools for iOS penetration testing

kube-scan: Octarine k8s cluster risk assessment tool

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Tool made to automate tasks of pentesting.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Cameradar hacks its way into RTSP videosurveillance cameras

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Official Black Hat Arsenal Security Tools Repository

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Kubernetes RBAC static Analysis & visualisation tool

Bandit is a tool designed to find common security issues in Python code.

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Open-Source Security Architecture | 开源安全架构

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Enumeration sub domains(枚举子域名)

🔎 shodansploit > v1.3.0

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

A Machine Learning approach for classifying a file as Malicious or Legitimate

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

a javascript static security analysis tool

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

A collection of awesome security hardening guides, tools and other resources

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

protocol fuzzing toolkit

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Security scanner coordinator

InQL - A Burp Extension for GraphQL Security Testing

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.