846 Open source projects that are alternatives of or similar to Stacoan

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

An automated target reconnaissance pipeline.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

A note-taking macOS app for penetration-testers.

The Swiss Army knife for automated Web Application Testing

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Intentionally vulnerable Android application.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Automated NoSQL database enumeration and web application exploitation tool.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

A curated list of various bug bounty tools

This repository created for personal use and added tools from my latest blog post.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A static analysis tool for security

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Bandit is a tool designed to find common security issues in Python code.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Web Application recon automation

Documentation:

HostHunter a recon tool for discovering hostnames using OSINT techniques.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Scanning APK file for URIs, endpoints & secrets.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

DNS-Discovery is a multithreaded subdomain bruteforcer.

Flutter Reverse Engineering Framework

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Golang security checker

Infection Monkey - An automated pentest tool

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Powerfull XSS Scanning and Parameter analysis tool&gem

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Next-gen phpDoc parser with support for intersection types and generics

kube-scan: Octarine k8s cluster risk assessment tool

Making Favicon.ico based Recon Great again !

Most usable tools for iOS penetration testing

🌟 JavaScript Style Guide, with linter & automatic code fixer

Program to reverse Docker images into Dockerfiles

Hacking Toolkit

🔒 Anti DDOS | Bash Script Project 🔒

a javascript static security analysis tool

A collection of awesome security hardening guides, tools and other resources

Automated Red Team Infrastructure deployement using Docker

Vulnerability Patterns Detector for C# and VB.NET

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK