1310 Open source projects that are alternatives of or similar to Xunfeng

Subdomain Takeover tool written in Go

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

SQL Injection Payload List

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Sifter aims to be a fully loaded Op Centre for Pentesters

Exploit Pack -The next generation exploit framework

Web Content Discovery Tool

Gorsair hacks its way into remote docker containers that expose their APIs

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Micro-framework for rapid development of reusable security tools

Responsive Command and Control System

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Command line tool that allows you to explore IoT devices by using Shodan API.

DNS Sub-domain brute forcer, in Python + gevent

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

my oscp prep collection

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Powerful Visual Subdomain Enumeration at the Click of a Mouse

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Set of tools to audit SIP based VoIP Systems

📡 A python program to create a fake AP and sniff data.

🚀 Fast Port Scanner 🚀

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Centralize Vulnerability Assessment and Management for DevSecOps Team

Windows one line commands that make life easier, shortcuts and command line fu.

Python network tool, similar to Netcat with custom features.

🔐 Docker Container for Penetration Testing & Security

Hawkeye filesystem analysis tool

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

A simple tool for interacting with OWASP ZAP from the commandline.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Network Vulnerability Scanner

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

🖖 Fast, modern, easy-to-use network scanner

Pentest: Subdomains enumeration tool for penetration testers.

A static binary vulnerability scanner

Scout - a Contactless Active Reconnaissance Tool

Botnet targeting Windows machines written entirely in Python & open source security project.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Cameradar hacks its way into RTSP videosurveillance cameras

Static and dynamic Android application security analysis

Fast and customizable vulnerability scanner For JIRA written in Python

Selenium powered Python script to automate searching for vulnerable web apps.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨