Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

Daemon to ban hosts that cause multiple authentication errors

Automated Mass Exploiter

Infection Monkey - An automated pentest tool

Bandit is a tool designed to find common security issues in Python code.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Source Code Security Audit (源代码安全审计)

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Automated NoSQL database enumeration and web application exploitation tool.

Awesome hacking is an awesome collection of hacking tools.

Forseti Security

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Find web directories without bruteforce

A default credential scanner.

Python low-interaction honeyclient

Find exploit tool

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Enumeration sub domains(枚举子域名)

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

GitGuardian Shield - Protect your secrets with GitGuardian. GitGuardian is an automated secrets detection & remediation service. Detect secret in source code, scan your repo for leaks.

Dark Web OSINT Tool