This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
- Sherlock
- theHarverest
- aquatone
- spiderfoot
- DNSstuff
- Builtwith
- infosniper
- who.is
- spyse
- onyphe
- urlscan
- scans
- shodan
- censys
- zoomeye
- R3CON1Z3R
Localized search engines by country.
Search for all kind of files.
Vulnerability Assessment and Management Systems
Software | Category | Update Last 6 mouth |
---|---|---|
Archerysec | Vulnerability Assessment and Management | ✔️ |
DefectDojo | Vulnerability Assessment and Management | ✔️ |
faraday | Vulnerability Assessment and Management | ✔️ |
rengine | Vulnerability Assessment and Management, Scanner | ✔️ |
Vulnerability Analysis Software.
Software | Category | Update Last 6 mouth |
---|---|---|
hydra | Password-cracker | ✔️ |
Vuls | Vulnerability Assessment and Management | ✔️ |
Metasploit | Exploit Framework | ✔️ |
MobSF | Exploit Framework (for Mobile) | ✔️ |
git-secret | Cryptography | ✔️ |
truffleHog | Secret finding | ❌ |
GitLeaks | Secret finding | ✔️ |
RedTeamScripts | C# scripts | ✔️ |
knock | Subdomain Enumeration | ❌ |
SubDomainsBrute | Subdomain Enumeration | ✔️ |
SubDomain3 | Subdomain Enumeration | ✔️ |
domained | Subdomain Enumeration | ✔️ |
routerslpoit | Exploit Framework | ❌ |
BeFF | Exploit Framework | ✔️ |
Software | Analyze Code | Update Last 6 mouth |
---|---|---|
Insider | Java, Kotlin, Swift, .NET, C#, Javascript | ✔️ |
Bearer | JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha) | ✔️ |
Infer# | C# | ✔️ |
SpotBugs | Java | ✔️ |
PVS-Studio | Multilanguage | ✔️ |
PMD | Multilanguage | ✔️ |
PHPvulnhunter | PHP | ❌ |
FindSecBug | Java web, Andriod, Scala, Kotlin, Groovy | ✔️ |
codechecker | C/C++ | ✔️ |
cppcheck | C/C++ | ✔️ |
cobra | PHP,Java | ❌ |
brakeman | Ruby on Rails | ✔️ |
SecCodeScan | C#, VB.NET | ✔️ |
Cascade | C# | ❌ |
Bandit | Python | ✔️ |
LLVM Clang | C, Objective-C, C++ and Objective-C++ | ✔️ |
Codemodder | Java, Python, fixes non-trivial security issues and other code quality problems | ✔️ |
Software | Description | Update Last 6 mouth |
---|---|---|
Snyk | Scanner Source Code | ✔️ |
Contrast | Application Scanner Framework | ✔️ |
CloudSploit | Analyze Cloud Infrastructure | ✔️ |
SonaQube | Application Scanner Framework | ✔️ |
WhiteSourceSoft | Application Scanner Framework | ✔️ |
PT Application Inspector | Application Scanner Framework | ✔️ |
- https://github.com/Checkmarx/kics
- https://github.com/DependencyTrack/dependency-track
- https://github.com/bridgecrewio/checkov
- https://github.com/aquasecurity/trivy
Software | Category | Update Last 6 mouth |
---|---|---|
Tsunami | Scanner | ✔️ |
WATOBO | Web Scanner | ✔️ |
Osmedeus | Scanner | ✔️ |
OneForAll | Scanner | ✔️ |
osprey | Web Scanner | ❌ |
Xray | Web Scanner | ✔️ |
AZScanner | Scanner | ❌ |
GroundScan | Scanner | ❌ |
BBScan | Scanner | ❌ |
AnyScan | Scanner | ❌ |
WAScan | Web Scanner | ✔️ |
YukiChan | Scanner | ❌ |
Poscan | Scanner | ❌ |
w3af | Web Scanner | ❌ |
sn1per | Scanner | ✔️ |
Scanless | Scanner | ✔️ |
NoSQLMap | NoSQL Scanner | ✔️ |
Nmap | Scanner | ✔️ |
NetSparker | Scanner | ✔️ |
Wapiti | Web Scanner | ✔️ |
Golismero | Scanner | ✔️ |
Nexpose | Scanner | ✔️ |
Raccoon | Scanner | ❌ |
WhatWeb | Web Scanner | ✔️ |
Puma Scan | Scanner Analysis | ✔️ |
Arachni | Web Scanner | ❌ |
Legion | Scanner | ✔️ |
Nessus | Scanner | ✔️ |
OpenVAS | Scanner | ✔️ |
Acuentrix | Scanner | ✔️ |
Nikto | Web Scanner | ✔️ |
Sqlmap | SQL Scanner | ✔️ |
Striker | Scanner | ❌ |
Zaproxy | Web Scanner | ✔️ |
AutoRecon | Scanner | ✔️ |
ScanOval | Application Vulnerabilities in XML files | ✔️ |
Data | Description |
---|---|
CVE | Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures |
Exploitdb | The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more |
0day | 0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals |
NVD NIST | NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP) |
Vuldb | Vulnerability database documenting and explaining security vulnerabilities and exploits |
Synk | Vulnerability database detailed information and remediation guidance for known vulnerabilities |