785 Open source projects that are alternatives of or similar to Shodansploit

Web application vulnerability scanner

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Secure, Unified, Powerful and Extensible Rust Android Analyzer

secureCodeBox (SCB) - continuous secure delivery out of the box

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Web Scan Lazy Tools - Python Package

All-in-one tool for managing vulnerability reports from AppSec pipelines

Trigram database written in C++, suited for malware indexing

🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

memory search and patch tool on debuggable apk without root & ndk

A friendly car security exploration tool for the CAN bus

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Application and Service Fingerprinting

Explore Indicators of Compromise Automatically

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

安全编排与自动化响应平台

Official Black Hat Arsenal Security Tools Repository

NERVE Continuous Vulnerability Scanner

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

YARA malware query accelerator (web frontend)

NebulousAD automated credential auditing tool.

Custom memory allocator that helps discover reads from uninitialized memory

Dashboard to collect, analyze, and respond to reported phishing emails.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Source Code Security Audit (源代码安全审计)

HackerOne "in scope" domains

Bandit is a tool designed to find common security issues in Python code.

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

Fuzz your Rust code with Google-developed Honggfuzz !

Powerful Shodan API client using RxJava and Retrofit

This is the new version of dirb in python

Improve your code security by running different security checks/validation in a simple way.

Awesome .NET Security Resources

A web spider for shodan.io without using the Developer API.

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Kubernetes RBAC static Analysis & visualisation tool

⚡️ Docker official image for Wallarm Node. API security platform agent.

Different utility scripts for pentesting and hacking.

SIde-Channel Analysis toolKit: embedded security evaluation tools

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product