1382 Open source projects that are alternatives of or similar to vaf

Web path scanner

It's a Docker Environment for pentesting which having all the required tool for VAPT.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Pentest: Subdomains enumeration tool for penetration testers.

A collection of various awesome lists for hackers, pentesters and security researchers

RAS(RAndom Subdomain) Fuzzer

A permutation generation tool written in golang

Related subdomains finder

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

One-click installer for Frida and Burp certs for SSL Pinning bypass

hydra

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Attack Surface Management Platform | Sn1perSecurity LLC

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

OneForAll是一款功能强大的子域收集工具

Credentials Checking Framework

Extract endpoints marked as disallow in robots files to generate wordlists.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

A Tool for Domain Flyovers

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Next generation web scanner

Hacking tools

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

HTTP fuzzer engine security oriented

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Command line tool for testing CRLF injection on a list of domains.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Little Bug Bounty & Hacking Tools⚔️

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Yet Another PHP Shell - The most complete PHP reverse shell

A collection of awesome one-liner scripts especially for bug bounty tips.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

This script will you help to find the information about the website and to help in penetrating testing

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

American Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries

Automated Penetration Testing Framework

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

all manner of wordlists

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Work in progress...

Automatically brute force all services running on a target.

XSS Payload without Anything.