637 Open source projects that are alternatives of or similar to Qsfuzz

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

All about bug bounty (bypasses, payloads, and etc)

grep rough audit - source code auditing tool

Common password pattern generator using strings list

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

🎯 Server Side Template Injection Payloads

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

被动式漏洞扫描系统

Automated Red Team Infrastructure deployement using Docker

Penetration tests guide based on OWASP including test cases, resources and examples.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

OSS Vulnerability Scanner for Windows Platform

Command line tool for testing CRLF injection on a list of domains.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

PatrowlHears - Vulnerability Intelligence Center / Exploits

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

Bloodhound for Blue and Purple Teams

The Offensive Manual Web Application Penetration Testing Framework.

Dradis Framework: Colllaboration and reporting for IT Security teams

Awesome Vulnerable Applications

Fast web fuzzer written in Go

A Python3 based single-file subdomain enumerator

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

🎯 SQL Injection Payload List

DeimosC2 is a Golang command and control framework for post-exploitation.

Random Tools for Bug Bounty

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Poor (rich?) man's bug bounty pipeline

🐛 Malware Sinkhole List in various formats

Urls de-duplication tool for better recon.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Generates combination of domain names from the provided input.

An advanced tool for email reconnaissance

Wazuh - Project documentation

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

🐞 Primitive Erlang Security Tool

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Automated NoSQL database enumeration and web application exploitation tool.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Change monitoring app that checks the content of web pages in different periods.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Community curated list of templates for the nuclei engine to find security vulnerabilities.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Badges for your GitHub tool presented at InfoSec Conference

Writeups for infosec Capture the Flag events by team Galaxians

Wireshark Cheat Sheet

A collection of various GitHub gists for hackers, pentesters and security researchers

Exploitation Framework for Embedded Devices

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Offensive tools as Dockerfiles. Lightweight & Ready to go

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Gorsair hacks its way into remote docker containers that expose their APIs

Webshell Manager