673 Open source projects that are alternatives of or similar to Tools Tbhm

All-in-one tool for managing vulnerability reports from AppSec pipelines

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Find exploit tool

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Friends don't let friends leak secrets on their terminal window 🙈

Scan for open AWS S3 buckets and dump the contents

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Kali Linux 工具合集中文说明书

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Collecting & Hunting for IOCs with gusto and style

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

安全总是无处不在...

Attack surface mapping

Enumeration sub domains(枚举子域名)

Attack Surface Management Platform | Sn1perSecurity LLC

Documentation:

Top disclosed reports from HackerOne

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Security scanner coordinator

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Simple script that checks a domain for email protections

An application to assist in the organization and prioritization of software security activities.

Read local Chrome cookies without root or decrypting

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Scans a list of websites for Cloudfront or S3 Buckets

Gospider - Fast web spider written in Go

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

An OSINT Metadata analyzing tool that filters through tags and creates reports

snopf USB password token

Intelligence tool but without API key

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Collection of PowerShell network security scripts for system administrators.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

outis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Android library to reveal or obfuscate strings and assets at runtime

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Passive Security Scanner (被动式安全扫描器)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Mining parameters from dark corners of Web Archives

This ansible role gets information from an AWS VPC and generate a graphical representation of security groups

🆕 The Multi-Tool Web Vulnerability Scanner.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.

Penetration tests guide based on OWASP including test cases, resources and examples.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

All about bug bounty (bypasses, payloads, and etc)