452 Open source projects that are alternatives of or similar to W3af

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

In progress rough solutions to bWAPP / bee-box

Automated NoSQL database enumeration and web application exploitation tool.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

massive SQL injection vulnerability scanner

No description or website provided.

Next generation web scanner

Web path scanner

Deep Security's APIs make it simple to integration with a variety of AWS Services

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Web Application Security Scanner Framework

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

HTTP file upload scanner for Burp Proxy

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Another web vulnerabilities scanner, this extension works on Chrome and Opera

A list of web application security

Vulners Python API wrapper

A simple interpreter for a large subset of Pascal language written for educational purposes

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

🕷 A lightning fast multithreaded network scanner framework with modules.

Application Security Awareness Training

A scanner similar to bufio.Scanner, but it reads and returns lines in reverse order, starting at a given position and going backward.

高效强大扫描分析iOS和Android项目里没有使用的类Mac开源工具，清理项目垃圾类，让项目结构干净清爽，升级维护得心应手. Efficient and powerful scanning analysis iOS and Android project no classes used in Mac open source tools, cleaning rubbish class project, make project structure clean and relaxed, upgrade maintenance

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

A barcode and qr code scanner( 二维码/条形码扫描、生成，仿微信、支付宝)

This project is designed to allow easy creation of OMR (Optical Mark Recognition) templates and provides a bulk scanner which can be used for processing large amounts of images from a tray fed scanner.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

💻 Netcat client and server modules written in pure Javascript for Node.js.

Scan your code, extract translation keys/values, and merge them into i18n resource files.

Integrates Dependency-Check reports into SonarQube

(deprecated) Android application vulnerability analysis and Android pentest tool

Web-based Source Code Vulnerability Scanner

CheckIPTools 扫描谷歌IP以及实用IP转换小工具

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

This repository contains full code examples from the book Gray Hat C#

Yara Based Detection Engine for web browsers

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

🕵️‍♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management

A free utility that finds malware, adware and other security threats

Just another script for automatize boolean-based blind SQL injections. (Demo)

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Remote command execution vulnerability scanner for Log4j.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

implement a full compiler based on c++ 11

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Migrated to https://github.com/kivy-garden/zbarcam

Automatic Enumeration Tool based in Open Source tools

WP Grab Info v2

CloudFlare Checker written in Go

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Network footprint scanner platform. Discover domains and run your custom checks periodically.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

Scanbot scanner SDK example app for Ionic with Cordova.

An automated target reconnaissance pipeline.