This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.

:telescope: OSINT:

Open-source intelligence (OSINT) is intelligence collected from publicly available sources.

• Sherlock
• theHarverest
• aquatone
• spiderfoot
• DNSstuff
• Builtwith
• infosniper
• who.is
• spyse
• onyphe
• urlscan
• scans
• shodan
• censys
• zoomeye
• R3CON1Z3R

Localized search engines by country.

• Najdsi (Slovenia)
• Walla (Israel)
• Goo (Japan)
• Naver (South Korea)
• Baidu (China)
• Yandex (Russia)

Search for all kind of files.

• FileChef
• File Search Engine
• SearchFiles.de
• FileListing

---

:hammer: SecAnalysisTools:

Vulnerability Assessment and Management Systems | Software | Category | Update Last 6 mouth | |----------------|:----------------:|:----------------:| |Archerysec|Vulnerability Assessment and Management| :heavy_check_mark:| |DefectDojo|Vulnerability Assessment and Management|:heavy_check_mark:| |faraday|Vulnerability Assessment and Management| :heavy_check_mark: | |rengine|Vulnerability Assessment and Management, Scanner| :heavy_check_mark: |

Vulnerability Analysis Software. | Software | Category | Update Last 6 mouth | |----------------|:----------------:|:----------------:| |hydra|Password-cracker| :heavy_check_mark: | |Vuls|Vulnerability Assessment and Management| :heavy_check_mark: | |Metasploit|Exploit Framework| :heavy_check_mark: | |MobSF|Exploit Framework (for Mobile)| :heavy_check_mark: | |git-secret|Cryptography| :heavy_check_mark: | |truffleHog|Secret finding| :x: | |GitLeaks|Secret finding| :heavy_check_mark: | |RedTeamScripts|C# scripts| :heavy_check_mark: | |knock|Subdomain Enumeration| :x: | |SubDomainsBrute|Subdomain Enumeration| :heavy_check_mark: | |SubDomain3|Subdomain Enumeration| :heavy_check_mark: | |domained|Subdomain Enumeration|:heavy_check_mark: | |routerslpoit|Exploit Framework| :x: | |BeFF|Exploit Framework| :heavy_check_mark: |

SAST:

| Software | Analyze Code | Update Last 6 mouth | |----------------|:----------------:|:----------------:| |Insider|Java, Kotlin, Swift, .NET, C#, Javascript| :heavy_check_mark: | |Bearer| JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha) | :heavy_check_mark: | |Infer#| C# | :heavy_check_mark: | |SpotBugs|Java| :heavy_check_mark: | |PVS-Studio|Multilanguage| :heavy_check_mark: | |PMD|Multilanguage| :heavy_check_mark: | |PHPvulnhunter|PHP| :x: | |FindSecBug|Java web, Andriod, Scala, Kotlin, Groovy| :heavy_check_mark: | |codechecker|C/C++| :heavy_check_mark: | |cppcheck|C/C++| :heavy_check_mark: | |cobra|PHP,Java| :x: | |brakeman|Ruby on Rails| :heavy_check_mark: | |SecCodeScan|C#, VB.NET| :heavy_check_mark: | |Cascade|C#| :x: | |Bandit|Python| :heavy_check_mark: | |LLVM Clang|C, Objective-C, C++ and Objective-C++| :heavy_check_mark: | |Codemodder|Java, Python, fixes non-trivial security issues and other code quality problems| :heavy_check_mark: |

DAST, IAST:

| Software | Description | Update Last 6 mouth | |----------------|:----------------:|:----------------:| |Snyk|Scanner Source Code| :heavy_check_mark: | |Contrast|Application Scanner Framework| :heavy_check_mark: | |CloudSploit|Analyze Cloud Infrastructure| :heavy_check_mark: | |SonaQube|Application Scanner Framework| :heavy_check_mark: | |WhiteSourceSoft|Application Scanner Framework| :heavy_check_mark: | |PT Application Inspector|Application Scanner Framework| :heavy_check_mark: |

SCA, IAC

• https://github.com/Checkmarx/kics
• https://github.com/DependencyTrack/dependency-track
• https://github.com/bridgecrewio/checkov
• https://github.com/aquasecurity/trivy

SBOM

• https://github.com/CycloneDX/cdxgen
• https://github.com/anchore/syft

Scanners:

| Software | Category |Update Last 6 mouth| |----------------|:----------------:|:----------------:| |Tsunami|Scanner| :heavy_check_mark: | |WATOBO|Web Scanner| :heavy_check_mark: | |Osmedeus|Scanner| :heavy_check_mark: | |OneForAll|Scanner| :heavy_check_mark: | |osprey|Web Scanner| :x: | |Xray|Web Scanner| :heavy_check_mark:| |AZScanner|Scanner| :x: | |GroundScan|Scanner| :x: | |BBScan|Scanner| :x: | |AnyScan|Scanner| :x: | |WAScan|Web Scanner| :heavy_check_mark: | |YukiChan|Scanner| :x: | |Poscan|Scanner| :x: | |w3af|Web Scanner| :x: | |sn1per|Scanner| :heavy_check_mark: | |Scanless|Scanner| :heavy_check_mark: | |NoSQLMap|NoSQL Scanner| :heavy_check_mark: | |Nmap|Scanner| :heavy_check_mark: | |NetSparker|Scanner| :heavy_check_mark: | |Wapiti|Web Scanner| :heavy_check_mark: | |Golismero|Scanner| :heavy_check_mark: | |Nexpose|Scanner| :heavy_check_mark: | |Raccoon|Scanner| :x: | |WhatWeb|Web Scanner| :heavy_check_mark: | |Puma Scan|Scanner Analysis| :heavy_check_mark: | |Arachni|Web Scanner| :x: | |Legion|Scanner|:heavy_check_mark: | |Nessus|Scanner|:heavy_check_mark:| |OpenVAS|Scanner|:heavy_check_mark:| |Acuentrix|Scanner|:heavy_check_mark:| |Nikto|Web Scanner|:heavy_check_mark:| |Sqlmap|SQL Scanner| :heavy_check_mark:| |Striker|Scanner|:x:| |Zaproxy|Web Scanner|:heavy_check_mark:| |AutoRecon|Scanner|:heavy_check_mark:| |ScanOval|Application Vulnerabilities in XML files|:heavy_check_mark:|

---

:open_file_folder: Vulnerability Database:

|Data|Description| |----------------|----------------| |CVE|Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures| |Exploitdb|The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more| |0day|0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals| |NVD NIST|NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Conten