637 Open source projects that are alternatives of or similar to Qsfuzz

A list to discover work of red team tooling and methodology for penetration testing and security assessment

🎯 SQL Injection Payload List

Urls de-duplication tool for better recon.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

A collected list of awesome security talks

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

cve-search - a tool to perform local searches for known vulnerabilities

An OSINT Metadata analyzing tool that filters through tags and creates reports

Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

Change monitoring app that checks the content of web pages in different periods.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Community curated list of templates for the nuclei engine to find security vulnerabilities.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Automation for javascript recon in bug bounty.

A curated list of awesome social engineering resources.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Fuzzer for Linux Kernel Drivers

Extract API keys from file or url using by magic of python and regex.

🔺 Red Team Hardware Toolkit 🔺

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

A note-taking macOS app for penetration-testers.

This repository created for personal use and added tools from my latest blog post.

A collection of various GitHub gists for hackers, pentesters and security researchers

Infosec Wordlists

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

Exploitation Framework for Embedded Devices

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

internet monitoring osint telegram bot for windows

PHP Security Check List [ EN ] 🌋 ☣️

A fast http and https prober, to check which URLs are alive

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Pentest/BugBounty progress control with scanning modules

Offensive tools as Dockerfiles. Lightweight & Ready to go

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Gorsair hacks its way into remote docker containers that expose their APIs

Cross-site scripting labs for web application security enthusiasts

Extract server and IP address information from Browser SSRF

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A Python implementation that facilitates finding timeless timing attack vulnerabilities.

Webshell Manager

FAME Automates Malware Evaluation

Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.

Security Tool to Look For Interesting Files in S3 Buckets

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

OWASP Honeypot, Automated Deception Framework.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Advanced and easy to use penetration testing framework 💣🔎

Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.

asset-scan是一款适用甲方企业的外网资产周期性扫描监控系统

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

🎯 Command Injection Payload List

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A curated list of various bug bounty tools