343 Open source projects that are alternatives of or similar to reFlutter

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Scanning APK file for URIs, endpoints & secrets.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Intentionally vulnerable Android application.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Host Header Injection Checker

Simultaneously execute various subdomain enumeration tools and aggregate results.

a Go code to detect leaks in JS files via regex patterns

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

Django application that performs SAST and Malware Analysis for Android APKs

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

sub domain wild card filtering tool

CloudFlare Checker written in Go

One-click installer for Frida and Burp certs for SSL Pinning bypass

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Framework for rapid development and reusable of security tools

No description or website provided.

An efficient multi-threaded DNS resolver validator

HTTP fuzzer engine security oriented

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Misc. Public Reports of Penetration Testing and Security Audits.

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

GSM Assessment Toolkit - A security evaluation framework for GSM networks

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

BugBounty Tool

Domain availbility checker

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

XSS in pastebin.com and reddit.com via unsanitized markdown output

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Yet Another PHP Shell - The most complete PHP reverse shell

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Reconness Agents Script

Para pencari bug / celah kemanan bisa bergabung.

Do some quick reconnaissance on a domain-based web-application

Pentesting/Bugbounty Dockerfiles.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

log for articles and info in android for every developer

A Tool for Domain Flyovers

No description or website provided.

Kubernetes Scanner

Running nuclei Continuously

Nuubi Tools (Information-ghatering|Scanner|Recon.)

Security tool to quickly audit Public Box files and folders.