888 Open source projects that are alternatives of or similar to Security Scripts

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Web Scan Lazy Tools - Python Package

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Kubernetes RBAC static Analysis & visualisation tool

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

🤖 The Modern Port Scanner 🤖

🆕 The Multi-Tool Web Vulnerability Scanner.

Simple Golang HTTPS/TLS Examples

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Advanced vulnerability scanning with Nmap NSE

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Web application vulnerability scanner

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Bandit is a tool designed to find common security issues in Python code.

kube-scan: Octarine k8s cluster risk assessment tool

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

A default credential scanner.

Enumeration sub domains(枚举子域名)

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Application and Service Fingerprinting

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)

Official Black Hat Arsenal Security Tools Repository

A Machine Learning approach for classifying a file as Malicious or Legitimate

Nmap and NSE command line wrapper in the style of Metasploit

Source Code Security Audit (源代码安全审计)

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

🔎 shodansploit > v1.3.0

My simple Swiss Army knife for http/https troubleshooting and profiling.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

network visualization & vulnerability management/reporting

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

a javascript static security analysis tool

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

InQL - A Burp Extension for GraphQL Security Testing

Security scanner coordinator

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Open-Source Security Architecture | 开源安全架构

Golang安全资源合集

NodeJS Simple Network Scanner

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included

ELK Stack Dockerfile

Cert is the Go tool to get TLS certificate information.

Auto IP or Domain Attack Tool ( #1 )

A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.

A Go implementation of dirsearch.