832 Open source projects that are alternatives of or similar to Resources-for-Application-Security

Responsive Command and Control System

A collection of electronic hacker magazines carefully curated over the years from multiple sources

helps visualize heap operations for pwn and debugging

Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

Game of Thrones hacking CTF (Capture the flag)

bctf2017 challenges

In progress rough solutions to bWAPP / bee-box

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

中国科学技术大学第八届信息安全大赛的官方与非官方题解

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Desktop variant of OWASP Threat Dragon

The Swiss Army knife for automated Web Application Testing

Backend logic implementation for Vulnerability Management System

Your Everyday Threat Intelligence

Automated Penetration Testing Framework

A collection of response templates for invalid bug bounty reports.

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Malcom - Malware Communications Analyzer

Writeups for vulnerable machines.

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

OWASP Threat Dragon core files

Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities

OWASP Joomla Vulnerability Scanner Project

An information security preparedness tool to do adversarial simulation.

Oversecured Vulnerable iOS App

A default credential scanner.

In-depth Attack Surface Mapping and Asset Discovery

Vulnerability Dashboard

Penelope Shell Handler

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

OWASP Web Application Security Testing Checklist

被动式漏洞扫描系统

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

A Blazing fast Security Auditing tool for Kubernetes

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Cameradar hacks its way into RTSP videosurveillance cameras

FAME Automates Malware Evaluation

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

🐉 Export ghidra decompiled code to dwarf sections inside ELF binary

completely ridiculous API (crAPI)

🔥☀️

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

Scanner, signatures and the largest collection of Magento malware

Damn Vulnerable NodeJS Application

ES File Explorer Open Port Vulnerability - CVE-2019-6447

apache 2.x.x module, for CSRF mitigation

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

An OSINT tool to find contacts in order to report security vulnerabilities.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Script to spider a website and find publicly open S3 buckets

An intelligent React component to obfuscate any contact link!

Related subdomains finder