1457 Open source projects that are alternatives of or similar to Resources

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Top disclosed reports from HackerOne

Powerfull XSS Scanning and Parameter analysis tool&gem

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Web Application Security Scanner Framework

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

pentest framework

Automated NoSQL database enumeration and web application exploitation tool.

Nuubi Tools (Information-ghatering|Scanner|Recon.)

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Making Favicon.ico based Recon Great again !

A Tool for Domain Flyovers

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Mining parameters from dark corners of Web Archives

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

An OSINT tool to gather information about the real owner of a phone number

Paskto - Passive Web Scanner

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Python library and CLI for the Bug Bounty Recon API

Collecting IOCs posted on Twitter

Phishing catcher using Certstream

A high performance offensive security tool for reconnaissance and vulnerability scanning

A passive subdomain finder

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Intelligence tool but without API key

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Sifter aims to be a fully loaded Op Centre for Pentesters

a recon tool that allows searching on URLs that are exposed via shortener services

swiss army knife for hackers

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A toolkit for Security Researchers

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

my oscp prep collection

A Github organization reconnaissance tool.

Discover internet-wide misconfigurations while drinking coffee

An OSINT tool to find contacts in order to report security vulnerabilities.

Information gathering & website reconnaissance | https://phishstats.info/

Extracting URLs of a specific target based on the results of "commoncrawl.org"

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

findCDN is a tool created to help accurately identify what CDN a domain is using.

Pentest: Subdomains enumeration tool for penetration testers.

Gosint is a distributed asset information collection and vulnerability scanning platform

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Related subdomains finder

Unofficial WhatCMS API package

Toolset for detecting reflected xss in websites

In progress rough solutions to bWAPP / bee-box

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Http request smuggling vulnerability scanner

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks