1350 Open source projects that are alternatives of or similar to Super

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Web Scan Lazy Tools - Python Package

Open-Source Security Architecture | 开源安全架构

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Web application vulnerability scanner

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Performing security tests inside your CI

Source Code Security Audit (源代码安全审计)

InQL - A Burp Extension for GraphQL Security Testing

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

🔎 shodansploit > v1.3.0

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

All-in-one tool for managing vulnerability reports from AppSec pipelines

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

A static analysis security vulnerability scanner for Ruby on Rails applications

a tool to analyze filesystem images for security

🎖safely* install packages with npm or yarn by auditing them as part of your install process

⚡️ Docker official image for Wallarm Node. API security platform agent.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

kube-scan: Octarine k8s cluster risk assessment tool

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

🆕 The Multi-Tool Web Vulnerability Scanner.

Simple Golang HTTPS/TLS Examples

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

NebulousAD automated credential auditing tool.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

Ghidra Analysis Enhancer 🐉

Web-based Source Code Vulnerability Scanner

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

安全编排与自动化响应平台

Patch-level verification for Bundler

Official Black Hat Arsenal Security Tools Repository

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

HackerOne "in scope" domains

A Blazing fast Security Auditing tool for Kubernetes

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Really quickly build APKs on handheld device (smartphone or tablet) in Amazon, Android, Chromebook and Windows📲 See https://buildapks.github.io/docsBuildAPKs/setup to start building APKs.

Chrome CustomTabs for Android demystified. Simplifies development and provides higher level classes including fallback in case Chrome isn't available on device.

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Dashboard to collect, analyze, and respond to reported phishing emails.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Tool for breaking into web applications.

This is the official main repository for the Assimilation project

Improve your code security by running different security checks/validation in a simple way.