Displaying 1 to 20 from 30 results

amass - In-depth subdomain enumeration written in Go

  •    Go

Amass is now an OWASP project and the OWASP GitHub organization repository is where all further development and releases will take place.

NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

  •    Python

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".

Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing

  •    Python

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.




subfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites

  •    Go

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets

  •    Python

This is a tool that enumerates Amazon S3 buckets and looks for interesting files. I have example wordlists but I haven't put much time into refining them.

SpecializedEnum: a base class to allow enum-like behavior with arbitrary objects

  •    DotNet

This class uses readonly variables, reflection, generics, and an internal ordered list to provide behavior similar to that of an enum but with arbitrary objects or value types rather than only integer numeric types. Public static readonly variables can be added in the derived ...


Enumeration of objects Class Library C#

  •    

At core level in Java I like extension of traditional enum type permiting use as the elements instances of a class. The project implements the same idea by C# with some more advanced features like a set type with boolean operators extending idea of FlagsAttribute

pspy - Monitor linux processes without root permissions

  •    Go

pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers it's info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.

Enum - Enumeration list for CakePHP 3

  •    PHP

Enumeration list for CakePHP 3. For documentation, as well as tutorials, see the Docs directory of this repository.

enumerate_it - Enumerations for Ruby with some magic powers! 🎩

  •    Ruby

EnumerateIt helps you to declare and use enumerations in a very simple and flexible way. Enumerations are created as classes and you should put them inside app/enumerations folder.

dirsearch - A Go implementation of dirsearch.

  •    Go

DirSearch takes an input URL ( -url parameter ) and a wordlist ( -wordlist parameter ), it will then perform concurrent HEAD requests using the lines of the wordlist as paths and files eventually bruteforcing folders and files on a web server. This project is copyleft of Simone Margaritelli and released under the GPL 3 license.

enumjs - Type-safe enums in JavaScript

  •    Javascript

This is an attempt at realizing type-safe enums in JavaScript. I'm most familiar with the way enums work in Java, and so I modeled this library after that. JavaScript doesn't have true enums. Most workarounds to this problem involve using a map where the keys represent the enum constants, and the values are integers or string-representations of the enum constants. This is a convenient solution, but the main problem is that you don't really get any type-safety since the values are just regular JavaScript types. This means that you can't even do instanceof checks, and you have to resort to checking the value against all defined-values to see if it is valid. *In Java the method is actually called valueOf and that's what I named it here originally as well. However, JavaScript has its own valueOf method on objects that does something else entirely, and I didn't want to override that behavior.

enumerations - Better Rails Enumerations

  •    Ruby

Rails plugin for Enumerations in ActiveRecord models. Attribute foreign_key you can pass as a String or a Symbol. Attribute class_name can be set as a String, a Symbol or a String.

OpenCVDeviceEnumerator - This repository contains a class that allows the enumeration of video and audio devices in order to get the device IDs that are required, for example to create a VideoCapture object inside OpenCV

  •    C++

This project contains a C++ class that allows the enumeration of devices using DirectShow in Windows, in order to select and obtain the ID that needs to be used with OpenCV when creating, for example, a VideoCapture object to grab frames from a camera. I decided to put this up as "How to get the ID of a device to use inside OpenCV?" is a question that pops up continuously. The maintainers of OpenCV don't include this functionality in the library because it is very operating system dependant. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer.

  •    Shell

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Due to the fact it manages the installation of the various dependencies related to these programs as well it aims to be a comprehensive assistant in setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.

MIDA-Multitool - Bash script purposed for system enumeration, vulnerability identification and privilege escalation

  •    Shell

Bash script purposed for system enumeration, vulnerability identification and privilege escalation. MIDA Multitool draws functionality from several of my previous scripts namely SysEnum and RootHelper and is in many regards RootHelpers successor.

SysEnum - Simple Bash script to retrieve basic system information.

  •    Shell

Simple Bash script to retrieve basic system information including but not limited to; current user, IP Configuration, ARP table and running processes.

Amass - In-Depth DNS Enumeration written in Go

  •    Go

The OWASP Amass tool obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks. A precompiled version is available for each release.





We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.