This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
- Sherlock
- theHarverest
- aquatone
- spiderfoot
- DNSstuff
- Builtwith
- infosniper
- who.is
- spyse
- onyphe
- urlscan
- scans
- shodan
- censys
- zoomeye
- R3CON1Z3R
Localized search engines by country.
Search for all kind of files.
Vulnerability Assessment and Management Systems
| Software | Category | Update Last 6 mouth |
|---|---|---|
| Archerysec | Vulnerability Assessment and Management | βοΈ |
| DefectDojo | Vulnerability Assessment and Management | βοΈ |
| faraday | Vulnerability Assessment and Management | βοΈ |
| rengine | Vulnerability Assessment and Management, Scanner | βοΈ |
Vulnerability Analysis Software.
| Software | Category | Update Last 6 mouth |
|---|---|---|
| hydra | Password-cracker | βοΈ |
| Vuls | Vulnerability Assessment and Management | βοΈ |
| Metasploit | Exploit Framework | βοΈ |
| MobSF | Exploit Framework (for Mobile) | βοΈ |
| git-secret | Cryptography | βοΈ |
| truffleHog | Secret finding | β |
| GitLeaks | Secret finding | βοΈ |
| RedTeamScripts | C# scripts | βοΈ |
| knock | Subdomain Enumeration | β |
| SubDomainsBrute | Subdomain Enumeration | βοΈ |
| SubDomain3 | Subdomain Enumeration | βοΈ |
| domained | Subdomain Enumeration | βοΈ |
| routerslpoit | Exploit Framework | β |
| BeFF | Exploit Framework | βοΈ |
| Software | Analyze Code | Update Last 6 mouth |
|---|---|---|
| Insider | Java, Kotlin, Swift, .NET, C#, Javascript | βοΈ |
| Bearer | JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha) | βοΈ |
| Infer# | C# | βοΈ |
| SpotBugs | Java | βοΈ |
| PVS-Studio | Multilanguage | βοΈ |
| PMD | Multilanguage | βοΈ |
| PHPvulnhunter | PHP | β |
| FindSecBug | Java web, Andriod, Scala, Kotlin, Groovy | βοΈ |
| codechecker | C/C++ | βοΈ |
| cppcheck | C/C++ | βοΈ |
| cobra | PHP,Java | β |
| brakeman | Ruby on Rails | βοΈ |
| SecCodeScan | C#, VB.NET | βοΈ |
| Cascade | C# | β |
| Bandit | Python | βοΈ |
| LLVM Clang | C, Objective-C, C++ and Objective-C++ | βοΈ |
| Codemodder | Java, Python, fixes non-trivial security issues and other code quality problems | βοΈ |
| Software | Description | Update Last 6 mouth |
|---|---|---|
| Snyk | Scanner Source Code | βοΈ |
| Contrast | Application Scanner Framework | βοΈ |
| CloudSploit | Analyze Cloud Infrastructure | βοΈ |
| SonaQube | Application Scanner Framework | βοΈ |
| WhiteSourceSoft | Application Scanner Framework | βοΈ |
| PT Application Inspector | Application Scanner Framework | βοΈ |
- https://github.com/Checkmarx/kics
- https://github.com/DependencyTrack/dependency-track
- https://github.com/bridgecrewio/checkov
- https://github.com/aquasecurity/trivy
| Software | Category | Update Last 6 mouth |
|---|---|---|
| Tsunami | Scanner | βοΈ |
| WATOBO | Web Scanner | βοΈ |
| Osmedeus | Scanner | βοΈ |
| OneForAll | Scanner | βοΈ |
| osprey | Web Scanner | β |
| Xray | Web Scanner | βοΈ |
| AZScanner | Scanner | β |
| GroundScan | Scanner | β |
| BBScan | Scanner | β |
| AnyScan | Scanner | β |
| WAScan | Web Scanner | βοΈ |
| YukiChan | Scanner | β |
| Poscan | Scanner | β |
| w3af | Web Scanner | β |
| sn1per | Scanner | βοΈ |
| Scanless | Scanner | βοΈ |
| NoSQLMap | NoSQL Scanner | βοΈ |
| Nmap | Scanner | βοΈ |
| NetSparker | Scanner | βοΈ |
| Wapiti | Web Scanner | βοΈ |
| Golismero | Scanner | βοΈ |
| Nexpose | Scanner | βοΈ |
| Raccoon | Scanner | β |
| WhatWeb | Web Scanner | βοΈ |
| Puma Scan | Scanner Analysis | βοΈ |
| Arachni | Web Scanner | β |
| Legion | Scanner | βοΈ |
| Nessus | Scanner | βοΈ |
| OpenVAS | Scanner | βοΈ |
| Acuentrix | Scanner | βοΈ |
| Nikto | Web Scanner | βοΈ |
| Sqlmap | SQL Scanner | βοΈ |
| Striker | Scanner | β |
| Zaproxy | Web Scanner | βοΈ |
| AutoRecon | Scanner | βοΈ |
| ScanOval | Application Vulnerabilities in XML files | βοΈ |
| Data | Description |
|---|---|
| CVE | Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures |
| Exploitdb | The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more |
| 0day | 0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals |
| NVD NIST | NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP) |
| Vuldb | Vulnerability database documenting and explaining security vulnerabilities and exploits |
| Synk | Vulnerability database detailed information and remediation guidance for known vulnerabilities |