3590 Open source projects that are alternatives of or similar to Xspear

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

pentest framework

Hacking tools

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Automated Red Team Infrastructure deployement using Docker

Web Application Security Scanner Framework

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

A fast DOM based XSS vulnerability scanner with simplicity.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Collection of quality safety articles. Awesome articles.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

hacker, ready for more of our story ! 🚀

A list of resources for those interested in getting started in bug bounties

HostHunter a recon tool for discovering hostnames using OSINT techniques.

The Swiss Army knife for automated Web Application Testing

TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Git All the Payloads! A collection of web attack payloads.

A list of useful payloads for Web Application Security and Pentest/CTF

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

scan for NTLM directories

Next generation web scanner

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

No description or website provided.

Web path scanner

Automated NoSQL database enumeration and web application exploitation tool.

Pentest: Subdomains enumeration tool for penetration testers.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Free advanced and modern Windows botnet with a nice and secure PHP panel.

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

An automated approach to performing recon for bug bounty hunting and penetration testing.

An automated target reconnaissance pipeline.

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Hacker101 CTF Writeup

Go Web Application Penetration Test

Awesome cloud enumerator

Your RegEx companion.

Motionia is a lightweight simplified on demand animation library!

Code scanner library for Android, based on ZXing

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

平常看到好的渗透hacking工具和多领域效率工具的集合

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

OSINT

Extract subdomains from SSL certificates in HTTPS sites.

A list of web application security

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Information Gathering tool for a Website or IP address

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏