2472 Open source projects that are alternatives of or similar to Security Tools

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Rockyou for web fuzzing

Awesome Java Security Resources 🕶☕🔐

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

Astra is a tool to find URLs and secrets inside a webpage/files

A toolkit for CTFs

一个CTF+渗透测试工具框架,集成常见加解密，密码、编码转换，端口扫描，字符处理等功能

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

goverview - Get an overview of the list of URLs

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Get GTFOBins info about a given exploit from the command line

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Resumão da massa sobre Capture the Flag.

ImageStrike是一款用于CTF中图片隐写的综合利用工具

TomatoTools 一款CTF杂项利器，支持36种常见编码和密码算法的加密和解密，31种密文的分析和识别，支持自动提取flag，自定义插件等。

一个为渗透测试与CTF而制作的工具集，主要实现一些加解密的功能。

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

SEC分布式资产扫描系统

Framework for rapid development and reusable of security tools

🚩 CTF AWD framework

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.

sub domain wild card filtering tool

Nuubi Tools (Information-ghatering|Scanner|Recon.)

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

One-click installer for Frida and Burp certs for SSL Pinning bypass

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Attack surface mapping

fireELF - Fileless Linux Malware Framework

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Very simple script(s) to hasten binary exploit creation

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

An automatic and lightweight web application scanning tool for CTF.

XSS in pastebin.com and reddit.com via unsanitized markdown output

Writeups of CTF challenges

Golang security checker

No description or website provided.

Black Hat Python workshop for Disobey 2019

Automatically Launch Google Hacking Queries Against A Target Domain

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

a Go code to detect leaks in JS files via regex patterns

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Security challenges and CTFs created by the Penultimate team.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Misc. Public Reports of Penetration Testing and Security Audits.

封装多种CTF和平时常见加密及编码C#类库

Do some quick reconnaissance on a domain-based web-application

mXtract - Memory Extractor & Analyzer

Capture the flag Game