1463 Open source projects that are alternatives of or similar to Vuldash

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Awesome Node.js Security resources

🔑 Hash type identifier (CLI & lib)

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Misc. Public Reports of Penetration Testing and Security Audits.

🔐 Docker Container for Penetration Testing & Security

Backend logic implementation for Vulnerability Management System

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Collection of several DDos tools.

A collection of my quick and dirty scripts for vulnerability POC and detections

🌒 Shell command obfuscation to avoid detection systems

Argus Advanced Remote & Local Keylogger For macOS and Windows

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Common Web Managers Fuzz Wordlists

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Threat Hunting queries for various attacks

Offensive Reverse Shell (Cheat Sheet)

Dorothy is a tool to test security monitoring and detection for Okta environments

A Tool for Domain Flyovers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Information Security Library

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

You didn't think I'd go and leave the blue team out, right?

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Malware Sample Sources

渗透测试☞经验/思路/总结/想法/笔记

A concise, directive, specific, flexible, and free incident response plan template

XSS in pastebin.com and reddit.com via unsanitized markdown output

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Selenium powered Python script to automate searching for vulnerable web apps.

WebMap-Nmap Web Dashboard and Reporting

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

A curated list of awesome infosec courses and training resources.

Extract subdomains from SSL certificates in HTTPS sites.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

A collection of awesome security hardening guides, tools and other resources

🎯 XML External Entity (XXE) Injection Payload List

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A collection of various GitHub gists for hackers, pentesters and security researchers

Pentest Report Generator

OSINT Swiss Army Knife

Hershell is a simple TCP reverse shell written in Go.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

An advanced tool for email reconnaissance

Apache Solr Injection Research

OPCDE Cybersecurity Conference Materials