871 Open source projects that are alternatives of or similar to Race The Web

All-in-one tool for managing vulnerability reports from AppSec pipelines

An OSINT Metadata analyzing tool that filters through tags and creates reports

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Webshell Manager

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A default credential scanner.

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Cameradar hacks its way into RTSP videosurveillance cameras

Tool made to automate tasks of pentesting.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Additional Resources For Securing The Stack Tutorials

Most usable tools for iOS penetration testing

A collection of awesome security hardening guides, tools and other resources

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

An application to assist in the organization and prioritization of software security activities.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Find cloud assets that no one wants exposed 🔎 ☁️

A Tool for Domain Flyovers

Some good resources for getting started with application security

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Common password pattern generator using strings list

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

A Blazing fast Security Auditing tool for Kubernetes

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Secure, human-friendly, cross-platform secrets and config.

Web path scanner

protocol fuzzing toolkit

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

DeimosC2 is a Golang command and control framework for post-exploitation.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The Swiss Army knife for automated Web Application Testing

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Next generation web scanner

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Dashboard to collect, analyze, and respond to reported phishing emails.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

w3af: web application attack and audit framework, the open source web vulnerability scanner.

🤖 The Modern Port Scanner 🤖

WebMap-Nmap Web Dashboard and Reporting

👻Impost3r -- A linux password thief

myscan 被动扫描

Toolbox containing research notes & PoC code for weaponizing .NET's DLR

Build and orchestrate your development environments with LXD - a.k.a. Vagrant is Too Heavy™

yq is a portable command-line YAML processor

Store data in a simple and secure way

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Snyk's public vulnerability database

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

Python 3.5+ DNS asynchronous brute force utility

Secure, Unified, Powerful and Extensible Rust Android Analyzer