129 Open source projects that are alternatives of or similar to whoof

A simple and easy-to-use .NET managed wrapper for Low Level Keyboard hooking.

🎯 RFI/LFI Payload List

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Sample scan files for testing DefectDojo imports

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Debug Child Process Tool (auto attach)

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Integrates OWASP Zed Attack Proxy reports into SonarQube

A Windows API hooking library

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Application-embedded connectivity and zero-trust components

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

A Java library for parsing and programmatically using threat models

A simple Java command-line utility to mirror the entire contents of VulnDB.

Embedded AppSec Best Practices

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

An open-source x86 / x86-64 hooking library for Windows.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo

Oversecured Vulnerable Android App

Reddit Android app mod inspired by Aliucord

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Additional Resources For Securing The Stack Tutorials

In progress rough solutions to bWAPP / bee-box

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

A simple commandline injector using classic DLL injection

OWASP Code Review Guide Web Repository

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Windows API hooking project to log all the windows / UIs with the exact timestamp when they are opened.

Documentation for Essential Node.js Security

Oversecured Vulnerable iOS App

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

This repository contains links to awesome security articles.

The goal of this project is to provide an alternative to well established text hookers, whose features are restrained to a certain number of game engines and emulators.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Enables all the DLCs. Like Creamapi but just for linux and a subset of Paradox games.

Git All the Payloads! A collection of web attack payloads.

Some good resources for getting started with application security

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

DLL Hooking Packet Sniffer

The OWASP ZAP Heads Up Display (HUD)

RemoteControl like TeamViewer(JAVA)

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Full Nuclei automation script with logic explanation.

This project is about creating and publishing threat model examples.

OWASP Zed Attack Proxy project landing page.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Multi-threaded JNA hooks and simplified library access to window/key/mouse functions.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

A C# port of the MinHook API hooking library

subhook wrapper for Nim https://github.com/Zeex/subhook

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Nmap and NSE command line wrapper in the style of Metasploit

featured cs:go internal hack, one file and less than 1000 lines.

Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.

A series of increasingly complex programs demonstrating function hooking on 64 bit Windows. Culminating in a program that hooks mspaint to make it always paint orange.