640 Open source projects that are alternatives of or similar to Progpilot

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Open source application to instantly remediate common security issues through the use of AWS Config

Greenbone Vulnerability Manager

Security scanner for your Terraform code

Allows old code to use new standards

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

NebulousAD automated credential auditing tool.

Linux post exploitation privilege escalation enumeration

The request.bin of DNS request

Code Climate CLI

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Tool made to automate tasks of pentesting.

memory search and patch tool on debuggable apk without root & ndk

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The leading static analyzer for Perl. Configurable, extensible, powerful.

A Virtual environment for Pentesting IoT Devices

Hyuga 一个用来记录DNS查询和HTTP请求的监控工具。

Endpoint detection & Malware analysis software

Custom memory allocator that helps discover reads from uninitialized memory

Identify hardcoded secrets and dangerous behaviours

Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.

Extract uncompiled, uncompressed SPA code from Webpack source maps.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

⚗️ Adds code analysis to Laravel improving developer productivity and code quality.

A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Exploit management framework

Patch-level verification for Bundler

ESLint Config for JavaScript Standard Style

SD-WAN security and insecurity

Static program analysis for TIP

☕️ PMD Plugin for SonarQube

Policeman's Forbidden API Checker

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Search exposed EBS volumes for secrets

A Central Control Plane for AWS Permissions and Access

Collection of PowerShell network security scripts for system administrators.

Intelligence and Reconnaissance Package/Bundle installer.

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

Manage translation and localization with static analysis, for Ruby i18n

A Binary Ninja plugin for vulnerability research.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

The full story of the CLR implementation of Meterpreter

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

The dum^H^H^Hsimplest encryption tool in the world.

Fuzz your Rust code with Google-developed Honggfuzz !

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

安全编排与自动化响应平台

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Automated NoSQL database enumeration and web application exploitation tool.

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

Username enumeration and password spraying tool aimed at Microsoft O365.