2043 Open source projects that are alternatives of or similar to Rengine

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.

A web front-end for password cracking and analytics

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Command line tool that allows you to explore IoT devices by using Shodan API.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

A Powerful Subdomain Takeover Tool

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

A collection of awesome one-liner scripts especially for bug bounty tips.

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

Awesome cloud enumerator

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Gorsair hacks its way into remote docker containers that expose their APIs

One-click installer for Frida and Burp certs for SSL Pinning bypass

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🎯 XML External Entity (XXE) Injection Payload List

A cross-platform note-taking & target-tracking app for penetration testers.

被动式漏洞扫描系统

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Network footprint scanner platform. Discover domains and run your custom checks periodically.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

A default credential scanner.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Snoop — инструмент разведки на основе открытых данных (OSINT world)

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

OSINT Project

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Hacking Toolkit

a recon tool that allows searching on URLs that are exposed via shortener services

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Discover Your Attack Surface!

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

A Fast Broken Link Hijacker Tool written in Python

Python library and CLI for the Bug Bounty Recon API

Automated network asset, email, and social media profile discovery and cataloguing.

Maryam: Open-source Intelligence(OSINT) Framework

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

This challenge is Inon Shkedy's 31 days API Security Tips.

Micro-framework for rapid development of reusable security tools

Find cloud assets that no one wants exposed 🔎 ☁️

GitHub Recon — and what you can achieve with it!

🔐 Docker Container for Penetration Testing & Security

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Change monitoring app that checks the content of web pages in different periods.

Hawkeye filesystem analysis tool

A list to discover work of red team tooling and methodology for penetration testing and security assessment

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

🔎 Find usernames across social networks