EsdEnumeration sub domains(枚举子域名)
Stars: ✭ 785 (+149.21%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+824.13%)
yandi-scannerNetwork Security Vulnerability Scanner
Stars: ✭ 110 (-65.08%)
BanditBandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+1094.6%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-19.37%)
EvilscanNodeJS Simple Network Scanner
Stars: ✭ 428 (+35.87%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+184.76%)
BrutedetGeneralized proof of concept tool which can be used for drop-in bruteforce protection when needed.
Stars: ✭ 5 (-98.41%)
Doublepulsar Detection ScriptA python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
Stars: ✭ 977 (+210.16%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (-61.9%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+7.94%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+13.97%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+35.56%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+17.46%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+146.03%)
OssaOpen-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (+152.7%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+172.06%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+64.13%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-66.67%)
ArchivefuzzHunt down the secrets from the WebArchives for Fun and Profit
Stars: ✭ 108 (-65.71%)
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-61.9%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+479.05%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-48.57%)
WsltoolsWeb Scan Lazy Tools - Python Package
Stars: ✭ 288 (-8.57%)
Vulny Code Static AnalysisPython script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-34.29%)
Recon RavenReconnaissance tool of Penetration test & Bug Bounty
Stars: ✭ 18 (-94.29%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+15.24%)
Security ScriptsA collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Stars: ✭ 188 (-40.32%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+1129.52%)
LadongoLadon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (+16.19%)
SalusSecurity scanner coordinator
Stars: ✭ 441 (+40%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-31.43%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+126.98%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+79.68%)
Jsprimea javascript static security analysis tool
Stars: ✭ 556 (+76.51%)
CobraSource Code Security Audit (源代码安全审计)
Stars: ✭ 2,802 (+789.52%)
ChangemeA default credential scanner.
Stars: ✭ 928 (+194.6%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+190.48%)
GitgotSemi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+206.03%)
Intrigue IdentApplication and Service Fingerprinting
Stars: ✭ 70 (-77.78%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+2707.62%)
Scilla🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-63.17%)
LynisLynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+2800.63%)
GsilGitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Stars: ✭ 1,764 (+460%)
PbscanFaster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
Stars: ✭ 122 (-61.27%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-48.57%)
Pentest ChainsawScrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product
Stars: ✭ 36 (-88.57%)
LimitrrLight NodeJS rate limiting and response delaying using Redis - including Express middleware.
Stars: ✭ 203 (-35.56%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+775.56%)
urlbruteDirectory/Subdomain scanner developed in GoLang.
Stars: ✭ 37 (-88.25%)
Salt ScannerLinux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (-17.14%)
Traitor⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (+1002.54%)
Lyncsmashlocate and attack Lync/Skype for Business
Stars: ✭ 258 (-18.1%)
H2csmugglerHTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-7.3%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+976.51%)