2472 Open source projects that are alternatives of or similar to Security Tools

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Web path scanner

Micro-framework for rapid development of reusable security tools

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

The Swiss Army knife for automated Web Application Testing

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

Hawkeye filesystem analysis tool

Subdomain Takeover tool written in Go

Cameradar hacks its way into RTSP videosurveillance cameras

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Pentest: Subdomains enumeration tool for penetration testers.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

A tool to test security of json web token

Little Bug Bounty & Hacking Tools⚔️

Hacking Toolkit

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Awesome cloud enumerator

Next generation web scanner

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

🎯 XML External Entity (XXE) Injection Payload List

Decode All Bases - Base Scheme Decoder

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Automated NoSQL database enumeration and web application exploitation tool.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Web application vulnerability scanner

WEB SERVICE SECURITY ASSESSMENT TOOL

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

🤖 The Modern Port Scanner 🤖

swiss army knife for hackers

A tool to fastly get all javascript sources/files

Rockyou for web fuzzing

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Related subdomains finder

Idiomatic nmap library for go developers

Awesome Java Security Resources 🕶☕🔐

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

🔑 Hash type identifier (CLI & lib)

Steganography brute-force utility to uncover hidden data inside files

Awesome Python Security resources 🕶🐍🔐

Yet Another PHP Shell - The most complete PHP reverse shell