1010 Open source projects that are alternatives of or similar to Sherlock

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Leaked pentesting manuals given to Conti ransomware crooks

JALSI - Just Another Lame Shellcode Injector

渗透测试☞经验/思路/总结/想法/笔记

Enables and use of the concept of security in your Delphi applications

PHP Security Check List [ EN ] 🌋 ☣️

🔎 Hunt down social media accounts by username across social networks

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

个人教学 Wiki

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Awesome Node.js Security resources

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

InQL - A Burp Extension for GraphQL Security Testing

Semi-automatic OSINT framework and package manager

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api

Security tool to trace URL's jumps across the rel links to obtain the last URL

Hacking Toolkit

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

🐞 Primitive Erlang Security Tool

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

All-in-one tool for managing vulnerability reports from AppSec pipelines

🎯 Server Side Template Injection Payloads

Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.

A distributed peer to peer list of bad actor IP addresses and phone numbers collected via a SIP Honeypot.

一款适用于红蓝对抗中的仿真钓鱼系统

Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.

Additional Resources For Securing The Stack Tutorials

Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

A C2 post-exploitation framework

Who and what to follow in the world of cyber security

Red Teaming Tactics and Techniques

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Source Code Security Audit (源代码安全审计)

Scan for and exploit Consul agents

Some good resources for getting started with application security

Exfiltration based on custom X509 certificates

It records your terminal, then lets you upload to ASHIRT

This is the official main repository for the Assimilation project

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Provides various Windows Server Active Directory (AD) security-focused reports.

Dorothy is a tool to test security monitoring and detection for Okta environments

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.

Improve your code security by running different security checks/validation in a simple way.

Explore Indicators of Compromise Automatically

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications