SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (+44%)
Go ShodanShodan API client
Stars: ✭ 158 (+532%)
Keynuker🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github
Stars: ✭ 82 (+228%)
Intrigue CoreDiscover Your Attack Surface!
Stars: ✭ 1,013 (+3952%)
Vscan Gogolang version for nmap service and application version detection (without nmap installation)
Stars: ✭ 107 (+328%)
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+9148%)
ZaproxyThe OWASP ZAP core project
Stars: ✭ 9,078 (+36212%)
Grinder🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
Stars: ✭ 209 (+736%)
Wpscan V3THIS REPOSITORY HAS BEEN MOVED TO https://github.com/wpscanteam/wpscan USE THAT!!!
Stars: ✭ 132 (+428%)
Doublepulsar Detection ScriptA python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
Stars: ✭ 977 (+3808%)
Censys RubyRuby API client for the Censys internet-wide network-scan search engine
Stars: ✭ 8 (-68%)
MinionsDistributed filesystem scanner
Stars: ✭ 115 (+360%)
YawastYAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Stars: ✭ 181 (+624%)
PakalaOffensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine
Stars: ✭ 97 (+288%)
CobraSource Code Security Audit (源代码安全审计)
Stars: ✭ 2,802 (+11108%)
Intrigue IdentApplication and Service Fingerprinting
Stars: ✭ 70 (+180%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+548%)
Kube ScoreKubernetes object analysis with recommendations for improved reliability and security
Stars: ✭ 1,128 (+4412%)
vilicusVilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Stars: ✭ 82 (+228%)
Pentest ChainsawScrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product
Stars: ✭ 36 (+44%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+7196%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+11544%)
Vuln Web AppsA curated list of vulnerable web applications.
Stars: ✭ 128 (+412%)
Recon RavenReconnaissance tool of Penetration test & Bug Bounty
Stars: ✭ 18 (-28%)
Sn0intSemi-automatic OSINT framework and package manager
Stars: ✭ 814 (+3156%)
Security CheckerA PHP dependency vulnerabilities scanner based on the Security Advisories Database.
Stars: ✭ 115 (+360%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+10932%)
Btscan批量漏洞扫描框架
Stars: ✭ 108 (+332%)
pythxA Python library for the MythX smart contract security analysis platform
Stars: ✭ 30 (+20%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+320%)
PortauthorityA handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.
Stars: ✭ 174 (+596%)
Btle SnifferPassively scan for Bluetooth Low Energy devices and attempt to fingerprint them
Stars: ✭ 87 (+248%)
JxnetJxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
Stars: ✭ 26 (+4%)
Pest🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (+216%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+9120%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+35276%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (+764%)
LynisLynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+36448%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (+548%)
HoperSecurity tool to trace URL's jumps across the rel links to obtain the last URL
Stars: ✭ 50 (+100%)
caddy-security🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Stars: ✭ 696 (+2684%)
SlowhttptestApplication Layer DoS attack simulator
Stars: ✭ 1,003 (+3912%)
GitgotSemi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+3756%)
Nodejsscannodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+7396%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+3328%)
dcweb三方依赖库扫描系统
Stars: ✭ 75 (+200%)
ChangemeA default credential scanner.
Stars: ✭ 928 (+3612%)
GsilGitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Stars: ✭ 1,764 (+6956%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+3488%)
Vulny Code Static AnalysisPython script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (+728%)
OssaOpen-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (+3084%)
PbscanFaster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
Stars: ✭ 122 (+388%)
netizenshipa commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
Stars: ✭ 33 (+32%)
dirbpyThis is the new version of dirb in python
Stars: ✭ 36 (+44%)
ninjaberryNinjaberry: Raspberry Pi UI for @bettercap
Stars: ✭ 39 (+56%)
Security ScriptsA collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Stars: ✭ 188 (+652%)