1199 Open source projects that are alternatives of or similar to Yasuo

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Penetration Testing notes, resources and scripts

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

A Virtual environment for Pentesting IoT Devices

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

HackerOne "in scope" domains

Linux privilege escalation auditing tool

NebulousAD automated credential auditing tool.

安全编排与自动化响应平台

AWS Identity and Access Management Visualizer and Anomaly Finder

zBang is a risk assessment tool that detects potential privileged account threats

mXtract - Memory Extractor & Analyzer

Credentials Checking Framework

Dashboard to collect, analyze, and respond to reported phishing emails.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

Performing security tests inside your CI

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Improve your code security by running different security checks/validation in a simple way.

Source Code Security Audit (源代码安全审计)

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

wifi attacks suite

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Security scanner coordinator

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

⚡️ Docker official image for Wallarm Node. API security platform agent.

Pentesting/Bugbounty Dockerfiles.

A tool for fuzzing for ports that allow outgoing connections

Botnet targeting Windows machines written entirely in Python & open source security project.

Yet Another PHP Shell - The most complete PHP reverse shell

network visualization & vulnerability management/reporting

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Scan for and exploit Consul agents

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

a tool to analyze filesystem images for security

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Script to facilitate different functions and checks

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

Kubernetes RBAC static Analysis & visualisation tool

Awesome cloud enumerator

YARA malware query accelerator (web frontend)

fireELF - Fileless Linux Malware Framework

Command line tool that allows you to explore IoT devices by using Shodan API.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Golang security checker