OtsecaOpen source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (-19.54%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-63.83%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-63.25%)
Security ScriptsA collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Stars: ✭ 188 (-63.64%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-61.51%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+463.06%)
NullinuxInternal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (-12.77%)
Vulny Code Static AnalysisPython script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-59.96%)
Iot PtA Virtual environment for Pentesting IoT Devices
Stars: ✭ 218 (-57.83%)
HellraiserVulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (-20.12%)
H1domainsHackerOne "in scope" domains
Stars: ✭ 223 (-56.87%)
NebulousadNebulousAD automated credential auditing tool.
Stars: ✭ 158 (-69.44%)
Zbn安全编排与自动化响应平台
Stars: ✭ 201 (-61.12%)
AaiaAWS Identity and Access Management Visualizer and Anomaly Finder
Stars: ✭ 218 (-57.83%)
ZbangzBang is a risk assessment tool that detects potential privileged account threats
Stars: ✭ 224 (-56.67%)
MxtractmXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (-3.48%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (-90.33%)
IsthislegitDashboard to collect, analyze, and respond to reported phishing emails.
Stars: ✭ 251 (-51.45%)
default-http-login-hunterLogin hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Stars: ✭ 285 (-44.87%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+565.18%)
JxnetJxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
Stars: ✭ 26 (-94.97%)
sandfly-setupSandfly Security Agentless Compromise and Intrusion Detection System For Linux
Stars: ✭ 45 (-91.3%)
HuskyciPerforming security tests inside your CI
Stars: ✭ 398 (-23.02%)
LuciferA Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life
Stars: ✭ 302 (-41.59%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (-24.95%)
secure-pipeline-advisorImprove your code security by running different security checks/validation in a simple way.
Stars: ✭ 25 (-95.16%)
CobraSource Code Security Audit (源代码安全审计)
Stars: ✭ 2,802 (+441.97%)
NetworkAlarmA tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-96.71%)
wifibangwifi attacks suite
Stars: ✭ 56 (-89.17%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+649.13%)
awesome-pentest-toolsList of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Stars: ✭ 34 (-93.42%)
SalusSecurity scanner coordinator
Stars: ✭ 441 (-14.7%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-24.76%)
docker-wallarm-node⚡️ Docker official image for Wallarm Node. API security platform agent.
Stars: ✭ 18 (-96.52%)
revshfuzzA tool for fuzzing for ports that allow outgoing connections
Stars: ✭ 18 (-96.52%)
BrutusBotnet targeting Windows machines written entirely in Python & open source security project.
Stars: ✭ 37 (-92.84%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-93.23%)
Envizonnetwork visualization & vulnerability management/reporting
Stars: ✭ 382 (-26.11%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-69.83%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-26.11%)
ConstoleScan for and exploit Consul agents
Stars: ✭ 37 (-92.84%)
SimpleKeyloggerSimple Keylogger with smtp to send emails on your account using python works on linux and Windows
Stars: ✭ 32 (-93.81%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-93.04%)
Fwanalyzera tool to analyze filesystem images for security
Stars: ✭ 382 (-26.11%)
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (-26.31%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-87.23%)
Hack-UtilsScript to facilitate different functions and checks
Stars: ✭ 27 (-94.78%)
SpyGenTrojan 🐍 (keylogger, take screenshots, open your webcam) 🔓
Stars: ✭ 115 (-77.76%)
SoteriaPlugin to block compilation when unapproved dependencies are used or code styling does not comply.
Stars: ✭ 36 (-93.04%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-50.87%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-48.16%)
MqueryYARA malware query accelerator (web frontend)
Stars: ✭ 264 (-48.94%)
FireelffireELF - Fileless Linux Malware Framework
Stars: ✭ 435 (-15.86%)
Deep-InsideCommand line tool that allows you to explore IoT devices by using Shodan API.
Stars: ✭ 22 (-95.74%)
Salt ScannerLinux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (-49.52%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+518.57%)
GosecGolang security checker
Stars: ✭ 5,694 (+1001.35%)