1646 Open source projects that are alternatives of or similar to Vulmap

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

A tool to automate penetration tests

Extract subdomains from SSL certificates in HTTPS sites.

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

🤖 The Modern Port Scanner 🤖

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Python 3.5+ DNS asynchronous brute force utility

Python3 tool to perform password spraying using RDP

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

network visualization & vulnerability management/reporting

CVE Alerting Platform

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Performing security tests inside your CI

Sifter aims to be a fully loaded Op Centre for Pentesters

Exploiting Edge's read:// urlhandler

hacker, ready for more of our story ! 🚀

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

NodeJS Simple Network Scanner

Vulnerability Labs for security analysis

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Open Redirect Payloads

Micro-framework for rapid development of reusable security tools

A framework for Backdoor development!

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

DNS Sub-domain brute forcer, in Python + gevent

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Automated Mass Exploiter

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

mXtract - Memory Extractor & Analyzer

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Notes about attacking Jenkins servers

CVE-2018-8120 Windows LPE exploit

红队综合渗透框架

It's a simple tool for test vulnerability shellshock

Writeup of CVE-2020-15906

CVE-2016-8610 (SSL Death Alert) PoC

🎖safely* install packages with npm or yarn by auditing them as part of your install process

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

hydra

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

A web front-end for password cracking and analytics

fireELF - Fileless Linux Malware Framework

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework