931 Open source projects that are alternatives of or similar to Pwnback

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

A REST API security testing framework.

Incredibly fast crawler designed for OSINT.

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Complete Listing and Usage of Tools used for Ethical Hacking

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

A tool for identifying misconfigured CloudFront domains

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Blockchain Transactions Investigation Tool

DNS-Discovery is a multithreaded subdomain bruteforcer.

secretz, minimizing the large attack surface of Travis CI

An ncurses-based Tox client (please make pull requests on the development fork: https://github.com/toktok/toxic)

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

⚠️WARNING: This project now become part of https://github.com/j3ssie/Metabigor project

A math-aware search engine.

An Unsupervised Graph-based Toolbox for Fraud Detection

This repository created for personal use and added tools from my latest blog post.

An application to assist in the organization and prioritization of software security activities.

Advanced Search for Twitter.

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Tool to automate common OSINT tasks

BitMagic Library

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Modules for expansion services, import and export in MISP

PoC tool to demonstrate vulnerabilities in wireless input devices

DeimosC2 is a Golang command and control framework for post-exploitation.

Automated cacert.pem management for PHP projects

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

基于BurpSuite的一款FOFA Pro 插件

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

This repository contains the Domain Discovery Tool (DDT) project. DDT is an interactive system that helps users explore and better understand a domain (or topic) as it is represented on the Web.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Automatically modelling and distilling knowledge within AI. In other words, summarising the AI research firehose.

NPRF: A Neural Pseudo Relevance Feedback Framework for Ad-hoc Information Retrieval

🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft (Azure), Oracle (Cloud) and DigitalOcean with daily updates.

snopf USB password token

Implementation of Wappalyzer in Python

Build A GUI For Xray，给Xray造一个GUI控制端。

A Python implementation of the BM25 ranking function.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Open Repository for the Open Security and Privacy Reference Architecture

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

A quick way to gather all the metadata about a video, playlist, or channel from the YouTube API.

Infoga - Email OSINT

A toolkit for Security Researchers

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Convolutional neural network for analyzing pentest screenshots

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

🍿 The perfect Checklist Website for meticulous developers.

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Explore Indicators of Compromise Automatically