888 Open source projects that are alternatives of or similar to Security Scripts

A wrapper for Nmap to quickly run network scans

TLS implementation in pure python, focused on interoperability testing

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Cloud Discovery provides a point in time enumeration of all the cloud native platform services

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included

EternalView is an all in one basic information gathering and vulnerability assessment tool

asset-scan是一款适用甲方企业的外网资产周期性扫描监控系统

100% Open-Source Packet Capture Agent for HEP

ELK Stack Dockerfile

A binary analysis framework

Custom memory allocator that helps discover reads from uninitialized memory

Distributed filesystem scanner

Auto IP or Domain Attack Tool ( #1 )

Awesome hacking is an awesome collection of hacking tools.

OSS Vulnerability Scanner for Windows Platform

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

基于masscan和nmap的快速端口扫描和指纹识别工具，优化版本(获取标题，页面长度,过滤防火墙)

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

snopf USB password token

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Elasticsearch for Offensive Security

Exploit management framework

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Repository for the Lemur Certificate Manager

Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software

High-Performance Erlang Network Client Framework

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.

批量漏洞扫描框架

Privacy Online Test and Resource Compendium (POTARC) 🕵🏻

EmbedOS - Embedded security testing virtual machine

Collection of PowerShell network security scripts for system administrators.

A JWT (JSON Web Token) Encoder & Decoder

A Lightweight and fully asynchronous MQTT client C library based on libev

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Shodan API client

A curated list of awesome Internet port and host scanners, plus related components and much more, with a focus on free and open source projects.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

Bouncer is a network TCP port redirector/forward proxy (like rinetd) with extra features like Reverse tunneling (like ssh -R), SSL tunneling (like stunnel), connection Failover, LoadBalancing and Clustering. In pure Java (BIO)

An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#,…

A collection of public offensive and defensive security related scripts for InfoSec students.

Android library to reveal or obfuscate strings and assets at runtime

OSSSM (awesome). Open source short-term secure messaging

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

Open source all-in-one CLI tool to semi-automate pentesting.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Certificate Manager in .NET Core for creating and using X509 certificates

Webshell Manager

Some of the best web shells that you might need!

Search exposed EBS volumes for secrets

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

NebulousAD automated credential auditing tool.

A tool to test security of json web token

Cheroot is the high-performance, pure-Python HTTP server used by CherryPy. Docs -->

Exein core for Linux based firmware

Automate the installation of Let's Encrypt SSL on the free plan of ServerPilot

A curated list of vulnerable web applications.