1653 Open source projects that are alternatives of or similar to Wstg

Next generation web scanner

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Web path scanner

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

🎯 RFI/LFI Payload List

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A simple tool for interacting with OWASP ZAP from the commandline.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Yet Another PHP Shell - The most complete PHP reverse shell

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A Python3 based single-file subdomain enumerator

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

The Collective. A repo for a collection of red-team projects found mostly on Github.

Hacking tools

Penetration tests guide based on OWASP including test cases, resources and examples.

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

🔪 Leak git repositories from misconfigured websites

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

A collection of public offensive and defensive security related scripts for InfoSec students.

The OWASP ZAP Heads Up Display (HUD)

my oscp prep collection

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Powerful Visual Subdomain Enumeration at the Click of a Mouse

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

A collection of hacking / penetration testing resources to make you better!

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

A wrapper for Nmap to quickly run network scans

Centralize Vulnerability Assessment and Management for DevSecOps Team

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Automated NoSQL database enumeration and web application exploitation tool.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Study Notes For Web Hacking / Web安全学习笔记

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Automated Security Testing For REST API's