637 Open source projects that are alternatives of or similar to Qsfuzz

Secret and/ credential patterns used for gf.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

OSS Vulnerability Scanner for Windows Platform

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Windows one line commands that make life easier, shortcuts and command line fu.

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

Awesome Vulnerable Applications

Python library and CLI for the Bug Bounty Recon API

Detect silent (unwanted) changes to files on your system

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Poor (rich?) man's bug bounty pipeline

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

A medium interaction printer honeypot 🍯

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Automated NoSQL database enumeration and web application exploitation tool.

Exploit Development, Reverse Engineering & Cryptography

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Wireshark Cheat Sheet

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Notes Taken for HTB Machines & InfoSec Community.

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

cve-search - a tool to perform local searches for known vulnerabilities

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Advanced vulnerability scanning with Nmap NSE

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

🔺 Red Team Hardware Toolkit 🔺

Monitoring GitLab for sensitive data shared publicly

A note-taking macOS app for penetration-testers.

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Security checks pack for Burp Suite

internet monitoring osint telegram bot for windows

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A tool to hunt for publicly accessible DigitalOcean Spaces

Cross-site scripting labs for web application security enthusiasts

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

Agile Threat Modeling Toolkit

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

OWASP Honeypot, Automated Deception Framework.

A permutation generation tool written in golang

Your Google Recon is Now Automated

CVE-2017-9506 - SSRF

EternalView is an all in one basic information gathering and vulnerability assessment tool

Cross Origin Resource Sharing MisConfiguration Scanner

Monitoring your Slack workspaces for sensitive information

The unofficial HackerOne disclosure Timeline

💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

A tool to automate the boring process of APK recon

Tutorials and Things to Do while Hunting Vulnerability.

Wazuh - The Open Source Security Platform

Yar is a tool for plunderin' organizations, users and/or repositories.

A python script that finds endpoints in JavaScript files