846 Open source projects that are alternatives of or similar to Stacoan

Modlishka. Reverse Proxy.

Most usable tools for iOS penetration testing

Ruby on Rails Continuous Deployment Ecosystem to maintain Healthy Stable Development

This document proposes a way of standardising the structure, language, and grammar used in security policies.

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Python 3.5+ DNS asynchronous brute force utility

A Tool for Domain Flyovers

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

A fast DOM based XSS vulnerability scanner with simplicity.

Comments Bitbucket Server (or Stash) pull requests with static code analyzer findings.

🌟 JavaScript Style Guide, with linter & automatic code fixer

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Hetty is an HTTP toolkit for security research.

goverview - Get an overview of the list of URLs

NodeJS Simple Network Scanner

GSM Scanner, RTL-SDR, StingWatch, Meteor

Collaborative malware analysis framework

PowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).

a javascript static security analysis tool

unimport is a Go static analysis tool to find unnecessary import aliases.

🎯 XML External Entity (XXE) Injection Payload List

Rubocop extension for enforcing graphql-ruby best practices

A Collection of Secure Mobile Development Best Practices

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

PHPStan extension for webmozart/assert

A collection of awesome security hardening guides, tools and other resources

SonarLint integration for Apache Netbeans

Documenting the explosion of packages in the standard ecosystem!

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.

Search for Directory Traversal Vulnerabilities

Static code analysis test source code

Vulnerability Patterns Detector for C# and VB.NET

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Systemd Linter

Credentials catching honeypot

FastLint finds & fixes bugs in your commits

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

Tiny Sentry client with idiomatic wrapper for Angular

Web Scan Lazy Tools - Python Package

eclipse-pmd has been moved to

A GitHub app to automatically review Python code style over Pull Requests

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.

Misc. Public Reports of Penetration Testing and Security Audits.

红队综合渗透框架

A light-weight password manager with a focus on simplicity and security

Code Climate Engine for ESLint

PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.