846 Open source projects that are alternatives of or similar to Stacoan

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Top disclosed reports from HackerOne

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Security scanner coordinator

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Simple script that checks a domain for email protections

kube-scan: Octarine k8s cluster risk assessment tool

Read local Chrome cookies without root or decrypting

Automated Red Team Infrastructure deployement using Docker

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Most usable tools for iOS penetration testing

Intelligence tool but without API key

🌟 JavaScript Style Guide, with linter & automatic code fixer

NodeJS Simple Network Scanner

a javascript static security analysis tool

A Collection of Secure Mobile Development Best Practices

A collection of awesome security hardening guides, tools and other resources

Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.

Vulnerability Patterns Detector for C# and VB.NET

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Penetrum LLC opensource security tool list.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

DeimosC2 is a Golang command and control framework for post-exploitation.

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

A GitHub app to automatically review Python code style over Pull Requests

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

emba - An analyzer for Linux-based firmware of embedded devices.

C2/post-exploitation framework

ESLint Shareable Config for React/JSX support in JavaScript Standard Style

Convolutional neural network for analyzing pentest screenshots

Open source incident management and response platform.

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems

Multi Tool Subdomain Enumeration

A cross-platform note-taking & target-tracking app for penetration testers.

A Powerful Subdomain Takeover Tool

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

🌿 NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)

SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems.

Enumerate and disable common sources of telemetry used by AV/EDR.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Performing security tests inside your CI

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

T.J. Watson Libraries for Analysis

Generates combination of domain names from the provided input.

Awesome PHP Security Resources 🕶🐘🔐

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Droidefense: Advance Android Malware Analysis Framework

A collection of awesome one-liner scripts especially for bug bounty tips.

🎖safely* install packages with npm or yarn by auditing them as part of your install process