344 Open source projects that are alternatives of or similar to Whitewidow

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Joint Advanced Defect assEsment for android applications

Auto Scanning to SSL Vulnerability

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

红队综合渗透框架

Open-Source Security Architecture | 开源安全架构

NERVE Continuous Vulnerability Scanner

A wiki focusing on aggregating and documenting various SQL injection methods

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

可能是最完整的 sqlmap 中文文档。

Apache Solr Injection Research

A few SQL and XSS attack tools

Find secrets and passwords in container images and file systems

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

👨‍💻 A work-in-progress web services mass scanner written in Rust

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

🕵️‍♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Remote command execution vulnerability scanner for Log4j.

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Fast CORS misconfiguration vulnerabilities scanner🍻

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

A vulnerability scanner for container images and filesystems

XSS in pastebin.com and reddit.com via unsanitized markdown output

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

My fuzzing corpus

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

SQL注入扫描器

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Misc. Public Reports of Penetration Testing and Security Audits.

ES File Explorer Open Port Vulnerability - CVE-2019-6447

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

Use the docker to build a vulnerability environment

Understanding Linux Kernel Vulnerability

Advanced reconnaissance utility

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

图形化漏洞利用集成工具

🔪Browser logic vulnerabilities ☠️

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Powerful dork searcher and vulnerability scanner for windows platform

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

A Python Tool For google Hacking

Common Web Managers Fuzz Wordlists

Docker containers vulnerability scan

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

IoT 固件漏洞复现环境

My exploitDB.

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Simple DNS Rebinding Service

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Python SDK to access the vulnerability database

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

SmartBugs: A Framework to Analyze Solidity Smart Contracts