640 Open source projects that are alternatives of or similar to Progpilot

Web Application recon automation

Code Climate CLI

Micro-framework for rapid development of reusable security tools

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

EmbedOS - Embedded security testing virtual machine

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

PHP Static Analysis Tool - discover bugs in your code without running it!

grep rough audit - source code auditing tool

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

An Active Defense and EDR software to empower Blue Teams

Tool made to automate tasks of pentesting.

A static analysis security vulnerability scanner for Ruby on Rails applications

ContainerSSH: Launch containers on demand

Find cloud assets that no one wants exposed 🔎 ☁️

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

It's a simple tool for test vulnerability shellshock

Exploit Pack -The next generation exploit framework

memory search and patch tool on debuggable apk without root & ndk

Daemon to ban hosts that cause multiple authentication errors

Simplifying Seccomp enforcement in containerized or non-containerized apps

JAVA安全SDK及编码规范

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Common password pattern generator using strings list

Advanced reconnaissance utility

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

SonarSource Static Analyzer for JavaScript and TypeScript

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

scalastyle

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

OSSSM (awesome). Open source short-term secure messaging

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Awesome PHP Security Resources 🕶🐘🔐

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

The leading static analyzer for Perl. Configurable, extensible, powerful.

Webshell Manager

Hacking Toolkit

A Virtual environment for Pentesting IoT Devices

Penetrum LLC opensource security tool list.

Adversary Simulation Framework

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Hyuga 一个用来记录DNS查询和HTTP请求的监控工具。

Fast CORS misconfiguration vulnerabilities scanner🍻

VOIP Security Audit Framework

A web front-end for password cracking and analytics

Endpoint detection & Malware analysis software

Linux命令转发记录

A note-taking macOS app for penetration-testers.

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

A ZigBee hacking toolkit by Bishop Fox

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

Tool to predict attacker groups from the techniques and software used

Feram finds & fixes bugs in your commits