2472 Open source projects that are alternatives of or similar to Security Tools

Everything needed for doing CTFs

A simple dns resolver of dns-record and web-record log server for pentesting

Nuubi Tools (Information-ghatering|Scanner|Recon.)

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Offensive tools as Dockerfiles. Lightweight & Ready to go

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

hacker, ready for more of our story ! 🚀

XSS in pastebin.com and reddit.com via unsanitized markdown output

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

One-click installer for Frida and Burp certs for SSL Pinning bypass

Very simple script(s) to hasten binary exploit creation

Writeups of CTF challenges

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Fast and customizable vulnerability scanner For JIRA written in Python

ImageStrike是一款用于CTF中图片隐写的综合利用工具

An automatic and lightweight web application scanning tool for CTF.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

a Go code to detect leaks in JS files via regex patterns

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

No description or website provided.

封装多种CTF和平时常见加密及编码C#类库

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

CMS Detection and Exploit Kit based on Whatcms.org API

Do some quick reconnaissance on a domain-based web-application

Command line tool that allows you to explore IoT devices by using Shodan API.

CTF竞赛权威指南

Black Hat Python workshop for Disobey 2019

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

CloudFlare Checker written in Go

🦄🔒 Awesome list of secrets in environment variables 🖥️

retrieve information via O365 with a valid cred

A REST API security testing framework.

a javascript static security analysis tool

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Cross-platform CTF problem container manager

Sifter aims to be a fully loaded Op Centre for Pentesters

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Capture the flag Game

🔎 shodansploit > v1.3.0

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Scanning APK file for URIs, endpoints & secrets.

A collection of some of my scripts

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

JerseyCTF 2021

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Kubernetes RBAC static Analysis & visualisation tool

Port scanning and domain utility.

Selenium powered Python script to automate searching for vulnerable web apps.

Drone pentesting framework console

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

(deprecated) Android application vulnerability analysis and Android pentest tool