943 Open source projects that are alternatives of or similar to Zap Cli

Dradis Framework: Colllaboration and reporting for IT Security teams

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Next generation web scanner

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Hacking Toolkit

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Web Content Discovery Tool

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

被动式漏洞扫描系统

Directory Services Internals (DSInternals) PowerShell Module and Framework

Semi-automatic OSINT framework and package manager

Automated Security Testing For REST API's

Automated Penetration Testing Framework

Learning Penetration Testing of Android Applications

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

A list to discover work of red team tooling and methodology for penetration testing and security assessment

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Gorsair hacks its way into remote docker containers that expose their APIs

Web path scanner

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Ruby on Rails Phishing Framework

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

A curated list of awesome OSCP resources

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

VOIP Security Audit Framework

A repository of tools for pentesting of restricted and isolated environments.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

A collection of public offensive and defensive security related scripts for InfoSec students.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

my oscp prep collection

Set of tools to audit SIP based VoIP Systems

The Collective. A repo for a collection of red-team projects found mostly on Github.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Automated NoSQL database enumeration and web application exploitation tool.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A tool to test security of json web token

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

A collection of hacking / penetration testing resources to make you better!

Study Notes For Web Hacking / Web安全学习笔记