105 Open source projects that are alternatives of or similar to Twa

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

Docker auditing and enumeration script.

A defense tool - detect web shells in local directories via md5sum

Modified Nuclei Templates Version to FUZZ Host Header

Good resources about web security that I have read.

guardrails.cs.virginia.edu

For auditing what collaborators, hooks, and deploy keys you have added on all your GitHub repositories.

Nuclei Templates to reproduce Cracking the lens's Research

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Runs the default Google Lighthouse tests with additional security tests

🎯 PHP / ASP - Shell Backdoor List 🎯

🔨 📶 WiFi-Jammer/DoS toolset

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

KNXnet/IP scanning and auditing tool for KNX home automation installations.

📚 An ultimate collection wordlists of the best-known CMS

Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

A common audit framework for java application

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Clear all your logs in [linux/windows] servers 🛡️

A list of web application security

Awesome Object Capabilities and Capability Security

Deliberately vulnerable scripts for Web Security training

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

Yet another Django audit log app, hopefully the simplest one.

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

Web application vulnerability scanner

Auditing Script based on CIS-BENCHMARK CENTOS 8

Multi-Cloud Security Auditing Tool

Provides various Windows Server Active Directory (AD) security-focused reports.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Hopefully an up to date fork of SQL Power Doc. Newer PS versions and .NET levels. Maybe too ambitious. This repository was cloned from kendalvandyke, the original author of SQLPowerDoc. Codeplex is currently in the process of shutting down. I cloned this project (and its wiki) with the intention of preserving a wonderful tool that I recently dis…

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

A Node-based diffing tool to compare an array of URLs and flag differences between them

Find interesting and potentially hazardous commits in git projects

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Phantom eye——A passive business logic vulnerability auditing tool

The best way to scan for weak ssh passwords on your network

Alok Menghrajani's Blog

GKE CIS 1.1.0 Benchmark InSpec Profile

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

java source code static code analysis and danger function identify prog

Versioning and Auditing with Hibernate Envers.

Simple, easily customised trigger-based auditing for PostgreSQL (Postgres). See also pgaudit.

ScanT3r - Web Security Scanner

A Django app that keeps a log of changes made to an object.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

👨‍🏫 Mike's Web Security Course

Continuous Auditing & Configuration

A Deliberately Insecure Web Application

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

The missing reverse proxy for ssh scp

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Personal CTF Toolkit

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509