1674 Open source projects that are alternatives of or similar to Rapidscan

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

A list of web application security

A curated list of vulnerable web applications.

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

Hourly updated database of exploit and exploitation reports

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A curated list of awesome OSCP resources

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Application and Service Fingerprinting

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Notes from OSCP, CTF, security adventures, etc...

Don't let buffer overflows overflow your mind

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

Web path scanner

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Web-based Source Code Vulnerability Scanner

Powerful Visual Subdomain Enumeration at the Click of a Mouse

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Intelligence and Reconnaissance Package/Bundle installer.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

WEB SERVICE SECURITY ASSESSMENT TOOL

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

hacker, ready for more of our story ! 🚀

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Sifter aims to be a fully loaded Op Centre for Pentesters

Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

NodeJS Simple Network Scanner

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Agent scanner for vulners.com

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

红队综合渗透框架

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images

Automated script to run all modules for a specified list of domains, netblocks or company name

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Pentest: Subdomains enumeration tool for penetration testers.

A collection of my quick and dirty scripts for vulnerability POC and detections

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

an asynchronous target enumeration tool

A collection of resources I'm using while working toward the OSCP

SQL Injection Payload List

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

A Docker container for remote penetration testing.

Remote command execution vulnerability scanner for Log4j.

Hacking Toolkit

Top 100 Hacking & Security E-Books (Free Download)

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473