This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
- Sherlock
- theHarverest
- aquatone
- spiderfoot
- DNSstuff
- Builtwith
- infosniper
- who.is
- spyse
- onyphe
- urlscan
- scans
- shodan
- censys
- zoomeye
- R3CON1Z3R
Localized search engines by country.
Search for all kind of files.
Vulnerability Assessment and Management Systems
Software | Category | Update Last 6 mouth |
---|---|---|
Archerysec | Vulnerability Assessment and Management | βοΈ |
DefectDojo | Vulnerability Assessment and Management | βοΈ |
faraday | Vulnerability Assessment and Management | βοΈ |
rengine | Vulnerability Assessment and Management, Scanner | βοΈ |
Vulnerability Analysis Software.
Software | Category | Update Last 6 mouth |
---|---|---|
hydra | Password-cracker | βοΈ |
Vuls | Vulnerability Assessment and Management | βοΈ |
Metasploit | Exploit Framework | βοΈ |
MobSF | Exploit Framework (for Mobile) | βοΈ |
git-secret | Cryptography | βοΈ |
truffleHog | Secret finding | β |
GitLeaks | Secret finding | βοΈ |
RedTeamScripts | C# scripts | βοΈ |
knock | Subdomain Enumeration | β |
SubDomainsBrute | Subdomain Enumeration | βοΈ |
SubDomain3 | Subdomain Enumeration | βοΈ |
domained | Subdomain Enumeration | βοΈ |
routerslpoit | Exploit Framework | β |
BeFF | Exploit Framework | βοΈ |
Software | Analyze Code | Update Last 6 mouth |
---|---|---|
Insider | Java, Kotlin, Swift, .NET, C#, Javascript | βοΈ |
Bearer | JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha) | βοΈ |
Infer# | C# | βοΈ |
SpotBugs | Java | βοΈ |
PVS-Studio | Multilanguage | βοΈ |
PMD | Multilanguage | βοΈ |
PHPvulnhunter | PHP | β |
FindSecBug | Java web, Andriod, Scala, Kotlin, Groovy | βοΈ |
codechecker | C/C++ | βοΈ |
cppcheck | C/C++ | βοΈ |
cobra | PHP,Java | β |
brakeman | Ruby on Rails | βοΈ |
SecCodeScan | C#, VB.NET | βοΈ |
Cascade | C# | β |
Bandit | Python | βοΈ |
LLVM Clang | C, Objective-C, C++ and Objective-C++ | βοΈ |
Codemodder | Java, Python, fixes non-trivial security issues and other code quality problems | βοΈ |
Software | Description | Update Last 6 mouth |
---|---|---|
Snyk | Scanner Source Code | βοΈ |
Contrast | Application Scanner Framework | βοΈ |
CloudSploit | Analyze Cloud Infrastructure | βοΈ |
SonaQube | Application Scanner Framework | βοΈ |
WhiteSourceSoft | Application Scanner Framework | βοΈ |
PT Application Inspector | Application Scanner Framework | βοΈ |
- https://github.com/Checkmarx/kics
- https://github.com/DependencyTrack/dependency-track
- https://github.com/bridgecrewio/checkov
- https://github.com/aquasecurity/trivy
Software | Category | Update Last 6 mouth |
---|---|---|
Tsunami | Scanner | βοΈ |
WATOBO | Web Scanner | βοΈ |
Osmedeus | Scanner | βοΈ |
OneForAll | Scanner | βοΈ |
osprey | Web Scanner | β |
Xray | Web Scanner | βοΈ |
AZScanner | Scanner | β |
GroundScan | Scanner | β |
BBScan | Scanner | β |
AnyScan | Scanner | β |
WAScan | Web Scanner | βοΈ |
YukiChan | Scanner | β |
Poscan | Scanner | β |
w3af | Web Scanner | β |
sn1per | Scanner | βοΈ |
Scanless | Scanner | βοΈ |
NoSQLMap | NoSQL Scanner | βοΈ |
Nmap | Scanner | βοΈ |
NetSparker | Scanner | βοΈ |
Wapiti | Web Scanner | βοΈ |
Golismero | Scanner | βοΈ |
Nexpose | Scanner | βοΈ |
Raccoon | Scanner | β |
WhatWeb | Web Scanner | βοΈ |
Puma Scan | Scanner Analysis | βοΈ |
Arachni | Web Scanner | β |
Legion | Scanner | βοΈ |
Nessus | Scanner | βοΈ |
OpenVAS | Scanner | βοΈ |
Acuentrix | Scanner | βοΈ |
Nikto | Web Scanner | βοΈ |
Sqlmap | SQL Scanner | βοΈ |
Striker | Scanner | β |
Zaproxy | Web Scanner | βοΈ |
AutoRecon | Scanner | βοΈ |
ScanOval | Application Vulnerabilities in XML files | βοΈ |
Data | Description |
---|---|
CVE | Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures |
Exploitdb | The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more |
0day | 0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals |
NVD NIST | NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP) |
Vuldb | Vulnerability database documenting and explaining security vulnerabilities and exploits |
Synk | Vulnerability database detailed information and remediation guidance for known vulnerabilities |