1646 Open source projects that are alternatives of or similar to Vulmap

Performing security tests inside your CI

Python 3.5+ DNS asynchronous brute force utility

CVE Alerting Platform

Sifter aims to be a fully loaded Op Centre for Pentesters

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

A framework for Backdoor development!

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

无状态子域名爆破工具

hacker, ready for more of our story ! 🚀

NodeJS Simple Network Scanner

HostHunter a recon tool for discovering hostnames using OSINT techniques.

C2/post-exploitation framework

scanner detecting the use of JavaScript libraries with known vulnerabilities

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

CVE-2018-8120 Windows LPE exploit

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Python3 tool to perform password spraying using RDP

fireELF - Fileless Linux Malware Framework

Automated Mass Exploiter

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Automate Pentest Tool

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Advanced Web Shell

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

A Machine Learning approach for classifying a file as Malicious or Legitimate

The Correlated CVE Vulnerability And Threat Intelligence Database API

Vulnerability Patterns Detector for C# and VB.NET

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Code scanner library for Android, based on ZXing

Tool to predict attacker groups from the techniques and software used

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Dark Web OSINT Tool

Open source incident management and response platform.

Generalized proof of concept tool which can be used for drop-in bruteforce protection when needed.

SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Python low-interaction honeyclient

Auto Scanning to SSL Vulnerability

My OSCP journey

📚 VoidHack CTF write-ups

Advanced dork Search & Mass Exploit Scanner

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

A collection of curated Java Deserialization Exploits

Open Source Tripwire®

Semi-automatic OSINT framework and package manager

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

OSINT Tool: Generate username lists for companies on LinkedIn

golang的扫描框架, 支持协程池和自动调节协程个数.

Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68

A curated list of awesome OSCP resources

A swiss army knife for pentesting networks

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com