This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
- Sherlock
- theHarverest
- aquatone
- spiderfoot
- DNSstuff
- Builtwith
- infosniper
- who.is
- spyse
- onyphe
- urlscan
- scans
- shodan
- censys
- zoomeye
- R3CON1Z3R
Localized search engines by country.
Search for all kind of files.
Vulnerability Assessment and Management Systems
| Software | Category | Update Last 6 mouth |
|---|---|---|
| Archerysec | Vulnerability Assessment and Management | ✔️ |
| DefectDojo | Vulnerability Assessment and Management | ✔️ |
| faraday | Vulnerability Assessment and Management | ✔️ |
| rengine | Vulnerability Assessment and Management, Scanner | ✔️ |
Vulnerability Analysis Software.
| Software | Category | Update Last 6 mouth |
|---|---|---|
| hydra | Password-cracker | ✔️ |
| Vuls | Vulnerability Assessment and Management | ✔️ |
| Metasploit | Exploit Framework | ✔️ |
| MobSF | Exploit Framework (for Mobile) | ✔️ |
| git-secret | Cryptography | ✔️ |
| truffleHog | Secret finding | ❌ |
| GitLeaks | Secret finding | ✔️ |
| RedTeamScripts | C# scripts | ✔️ |
| knock | Subdomain Enumeration | ❌ |
| SubDomainsBrute | Subdomain Enumeration | ✔️ |
| SubDomain3 | Subdomain Enumeration | ✔️ |
| domained | Subdomain Enumeration | ✔️ |
| routerslpoit | Exploit Framework | ❌ |
| BeFF | Exploit Framework | ✔️ |
| Software | Analyze Code | Update Last 6 mouth |
|---|---|---|
| Insider | Java, Kotlin, Swift, .NET, C#, Javascript | ✔️ |
| Bearer | JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha) | ✔️ |
| Infer# | C# | ✔️ |
| SpotBugs | Java | ✔️ |
| PVS-Studio | Multilanguage | ✔️ |
| PMD | Multilanguage | ✔️ |
| PHPvulnhunter | PHP | ❌ |
| FindSecBug | Java web, Andriod, Scala, Kotlin, Groovy | ✔️ |
| codechecker | C/C++ | ✔️ |
| cppcheck | C/C++ | ✔️ |
| cobra | PHP,Java | ❌ |
| brakeman | Ruby on Rails | ✔️ |
| SecCodeScan | C#, VB.NET | ✔️ |
| Cascade | C# | ❌ |
| Bandit | Python | ✔️ |
| LLVM Clang | C, Objective-C, C++ and Objective-C++ | ✔️ |
| Codemodder | Java, Python, fixes non-trivial security issues and other code quality problems | ✔️ |
| Software | Description | Update Last 6 mouth |
|---|---|---|
| Snyk | Scanner Source Code | ✔️ |
| Contrast | Application Scanner Framework | ✔️ |
| CloudSploit | Analyze Cloud Infrastructure | ✔️ |
| SonaQube | Application Scanner Framework | ✔️ |
| WhiteSourceSoft | Application Scanner Framework | ✔️ |
| PT Application Inspector | Application Scanner Framework | ✔️ |
- https://github.com/Checkmarx/kics
- https://github.com/DependencyTrack/dependency-track
- https://github.com/bridgecrewio/checkov
- https://github.com/aquasecurity/trivy
| Software | Category | Update Last 6 mouth |
|---|---|---|
| Tsunami | Scanner | ✔️ |
| WATOBO | Web Scanner | ✔️ |
| Osmedeus | Scanner | ✔️ |
| OneForAll | Scanner | ✔️ |
| osprey | Web Scanner | ❌ |
| Xray | Web Scanner | ✔️ |
| AZScanner | Scanner | ❌ |
| GroundScan | Scanner | ❌ |
| BBScan | Scanner | ❌ |
| AnyScan | Scanner | ❌ |
| WAScan | Web Scanner | ✔️ |
| YukiChan | Scanner | ❌ |
| Poscan | Scanner | ❌ |
| w3af | Web Scanner | ❌ |
| sn1per | Scanner | ✔️ |
| Scanless | Scanner | ✔️ |
| NoSQLMap | NoSQL Scanner | ✔️ |
| Nmap | Scanner | ✔️ |
| NetSparker | Scanner | ✔️ |
| Wapiti | Web Scanner | ✔️ |
| Golismero | Scanner | ✔️ |
| Nexpose | Scanner | ✔️ |
| Raccoon | Scanner | ❌ |
| WhatWeb | Web Scanner | ✔️ |
| Puma Scan | Scanner Analysis | ✔️ |
| Arachni | Web Scanner | ❌ |
| Legion | Scanner | ✔️ |
| Nessus | Scanner | ✔️ |
| OpenVAS | Scanner | ✔️ |
| Acuentrix | Scanner | ✔️ |
| Nikto | Web Scanner | ✔️ |
| Sqlmap | SQL Scanner | ✔️ |
| Striker | Scanner | ❌ |
| Zaproxy | Web Scanner | ✔️ |
| AutoRecon | Scanner | ✔️ |
| ScanOval | Application Vulnerabilities in XML files | ✔️ |
| Data | Description |
|---|---|
| CVE | Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures |
| Exploitdb | The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more |
| 0day | 0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals |
| NVD NIST | NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP) |
| Vuldb | Vulnerability database documenting and explaining security vulnerabilities and exploits |
| Synk | Vulnerability database detailed information and remediation guidance for known vulnerabilities |