841 Open source projects that are alternatives of or similar to Top25 Parameter

Web path scanner

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Awesome cloud enumerator

Yet Another PHP Shell - The most complete PHP reverse shell

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Relational database brute force and post exploitation tool for MySQL and MSSQL

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

👻Impost3r -- A linux password thief

A tool to fastly get all javascript sources/files

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Automated All-in-One OS Command Injection Exploitation Tool.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Open Redirect Payloads

备考 OSCP 的各种干货资料/渗透测试干货资料

A unified console to perform the "kill chain" stages of attacks.

RubberDucky like payloads for DigiSpark Attiny85

A tool to automate penetration tests

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Hetty is an HTTP toolkit for security research.

Pentesting/Bugbounty Dockerfiles.

Toolset for detecting reflected xss in websites

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Do some quick reconnaissance on a domain-based web-application

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

A high performance offensive security tool for reconnaissance and vulnerability scanning

🔐 Docker Container for Penetration Testing & Security

OneForAll是一款功能强大的子域收集工具

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

OSINT

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Extract subdomains from SSL certificates in HTTPS sites.

The all-in-one Red Team extension for Web Pentester 🛠

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Rockyou for web fuzzing

an easy pentesting tool.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A fast DOM based XSS vulnerability scanner with simplicity.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Credentials Checking Framework

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Open Redirect scanner - (out of date)

The LAZY script will make your life easier, and of course faster.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A python tool to check subdomain takeover vulnerability

🦄🔒 Awesome list of secrets in environment variables 🖥️

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Python3 tool to perform password spraying using RDP

Fully automated offensive security framework for reconnaissance and vulnerability scanning

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

A wrapper for Nmap to quickly run network scans

Extracting URLs of a specific target based on the results of "commoncrawl.org"