1534 Open source projects that are alternatives of or similar to Purify

博客V3.0 目前使用的技术(Nuxtjs + Nestjs + Vue + Element ui + vuetify)，存储(MongoDB + Redis + COS)

Misc. Public Reports of Penetration Testing and Security Audits.

A Tool for Domain Flyovers

⚡️ Docker official image for Wallarm Node. API security platform agent.

Starter project for nuxtjs and nestjs all in one integrated.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Enables and use of the concept of security in your Delphi applications

SQL Injection Payload List

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

IAST 灰盒扫描工具

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Scripts to gather system configuration information for offline/remote auditing

Some good resources for getting started with application security

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

YARA malware query accelerator (web frontend)

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Next generation web scanner

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

The Swiss Army knife for automated Web Application Testing

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

The fastest dork scanner written in Go.

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

🔎 shodansploit > v1.3.0

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

An OSINT Metadata analyzing tool that filters through tags and creates reports

Performing security tests inside your CI

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Pentest Report Generator

Linux命令转发记录

Golang security checker

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Dradis Framework: Colllaboration and reporting for IT Security teams

DeimosC2 is a Golang command and control framework for post-exploitation.

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Most usable tools for iOS penetration testing

Infection Monkey - An automated pentest tool

A collection of awesome security hardening guides, tools and other resources

Hacking Toolkit

红队综合渗透框架

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Awesome PHP Security Resources 🕶🐘🔐

InQL - A Burp Extension for GraphQL Security Testing

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

被动式漏洞扫描系统