550 Open source projects that are alternatives of or similar to Zigdiggity

安全总是无处不在...

Simple script that checks a domain for email protections

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Read local Chrome cookies without root or decrypting

Command-line passphrase generator

Golang security checker

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Public append-only ledger microservice built with Slim Framework

Relational database brute force and post exploitation tool for MySQL and MSSQL

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

JAVA安全SDK及编码规范

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

A CLI tool for automating the importing, securing and usage of NordVPN (and in the future, more) OpenVPN servers through NetworkManager.

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

An OSINT Metadata analyzing tool that filters through tags and creates reports

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

SMB Relay Attack Script

The clever vulnerability dependency finder

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

Penetration Testing Platform

Enumerate and disable common sources of telemetry used by AV/EDR.

Work in progress firewall for Linux syscalls, written in Rust

Performing security tests inside your CI

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

一行代码检测XP/调试/多开/模拟器/root

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Hardening Ubuntu. Systemd edition.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🔄 A collection of mitmproxy inline scripts

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

myscan 被动扫描

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

Toolbox containing research notes & PoC code for weaponizing .NET's DLR

Python 3.5+ DNS asynchronous brute force utility

Micro-framework for rapid development of reusable security tools

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Linux命令转发记录

Open Redirect Payloads

Hunt down the secrets from the WebArchives for Fun and Profit

WEB SERVICE SECURITY ASSESSMENT TOOL

Tool to predict attacker groups from the techniques and software used

Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems

Qualys sslabs-scan utility in a tiny docker image

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

RubberDucky like payloads for DigiSpark Attiny85

💫 An asynchronous Low & Slow traffic generator, written in Rust

Android library to reveal or obfuscate strings and assets at runtime