1066 Open source projects that are alternatives of or similar to reconmap

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

All-in-one tool for managing vulnerability reports from AppSec pipelines

🔐 Docker Container for Penetration Testing & Security

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Vulnerability Dashboard

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Pentest: Subdomains enumeration tool for penetration testers.

Vulnerability Database | huntr.dev

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

A Tool for Domain Flyovers

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Web path scanner

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

GitBook: OSCP RoadMap

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Get GTFOBins info about a given exploit from the command line

Common password pattern generator using strings list

A collection of various awesome lists for hackers, pentesters and security researchers

Audit tool to find common vulnerabilities in PHP source code

Advanced vulnerability scanning with Nmap NSE

Find cloud assets that no one wants exposed 🔎 ☁️

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Code from Blackhat Python book

Cameradar hacks its way into RTSP videosurveillance cameras

Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

Penetration Testing Platform

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A collection of Ansible roles for automating infosec builds.

Penetration tests guide based on OWASP including test cases, resources and examples.

A default credential scanner.

Automated Security Testing For REST API's

A repository of tools for pentesting of restricted and isolated environments.

Wireshark Cheat Sheet

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

🆕 The Multi-Tool Web Vulnerability Scanner.

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Backend logic implementation for Vulnerability Management System

Multi source CVE/exploit parser.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

A collection of resources I'm using while working toward the OSCP

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

Related subdomains finder

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A schema and set of tools for using SQL to query cloud infrastructure.

Script to spider a website and find publicly open S3 buckets

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Improve your code security by running different security checks/validation in a simple way.

Collection of several DDos tools.

Little Bug Bounty & Hacking Tools⚔️

A collection of my quick and dirty scripts for vulnerability POC and detections