30 open-source projects similar to beefproject/beef, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Beef alternative.
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br
Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments. The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
XSStrike is an automated security scanning engine designed for web application discovery, input
bbs-go is a community forum software written in Go. It functions as a gamified community platform and social network framework, providing tools for hosting public discussions, managing knowledge bases, and coordinating user identities. The platform is distinguished by an integrated gamification engine that tracks activity via daily check-ins and reward tasks to award experience points, levels, and badges. It also features a specialized identity and access manager that supports role-based access control and third-party identity federation, including Google Sign-In integration. The system cove
Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it int
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
This project is a modular, open-source customer relationship management platform built on the Laravel framework. It serves as a comprehensive business application framework designed for tracking sales pipelines, managing business entities, and automating marketing workflows. By providing a self-hosted solution, it enables organizations to maintain full control over their contact data, sales leads, and communication history. The platform distinguishes itself through a highly extensible architecture that allows developers to modify core behavior without altering the underlying source code. It u
NodeBB is a real-time, self-hosted community forum platform built on Node.js. It is designed to support scalable discussion environments by utilizing a document-oriented database for content storage and an in-memory engine for high-speed data retrieval and session management. The platform provides a comprehensive administrative interface for managing user groups, forum settings, and system health. What distinguishes the platform is its native support for federated social networking via the ActivityPub protocol, allowing forums to exchange content, synchronize discussions, and interact with de
Trape is a browser-based remote access tool and exploit framework designed for gathering device geolocation, hardware profiles, and network data. It functions as an open-source intelligence platform and a system for executing custom scripts and triggering browser vulnerabilities to capture credentials or monitor device activity. The project features a real-time geolocation tracker capable of retrieving precise physical coordinates and monitoring individual movement, including silent acquisition that bypasses standard location prompts. It further provides a network tunneling service to make lo
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
TheFatRat is a security exploitation framework designed to automate the creation, obfuscation, and deployment of payloads for penetration testing. It functions as a comprehensive toolkit that streamlines the exploitation lifecycle, enabling users to generate malicious executables, manage network listeners, and execute post-exploitation tasks through a unified command-line interface. The framework distinguishes itself by integrating various third-party exploitation utilities into a single, orchestrated workflow. It provides specialized capabilities for embedding code into legitimate binaries a
PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks. The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context
TastyIgniter is a comprehensive restaurant management system and digital ordering engine. Built as a modular application framework, it provides the tools necessary to operate online food ordering, table reservation systems, and multi-vendor e-commerce platforms. The platform is designed to handle complex restaurant operations, including multi-location networking and multi-vendor marketplace management. It distinguishes itself through specialized restaurant automation, such as coordinating guest limits and time slots for bookings, managing ingredient and allergen catalogs, and implementing mul
Red-DiscordBot is a modular framework for building and self-hosting Discord bots. It functions as a server management tool and community moderation bot that can be tailored by enabling or disabling specific feature modules. The system is distinguished by its extensible plugin architecture, which allows for the integration of third-party modules and the development of custom functional packages. Users can manage bot behavior through a chat-based interface, enabling them to assemble custom bots and define unique responses and behaviors without writing new code. The framework covers a broad ran
This project is an automated security scanner designed to identify vulnerabilities within web caching layers. It functions as an HTTP protocol security tool that probes web infrastructure by manipulating request headers, parameters, and cookies to observe how servers handle and store content. The scanner distinguishes itself through specialized cache behavior analysis, which targets specific flaws such as cache poisoning and cache deception. It incorporates a recursive crawler to map web application endpoints and utilizes configurable proxy routing to facilitate traffic inspection and debuggi
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors. The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
Tsunami Security Scanner is a network vulnerability scanner and security auditor designed to identify high-severity flaws across network assets. It functions as an asynchronous security probe engine that utilizes automated probes and specialized detection logic to find critical weaknesses and prioritize remediation efforts. The project is distinguished by a plugin-based scanning engine, which uses a modular architecture of interchangeable detection plugins to identify vulnerabilities. This extensibility allows for the development and integration of custom security plugins to expand the variet
Ghauri is an automated SQL injection scanner and exploitation tool designed to detect and extract data from vulnerable databases. It functions as a database exfiltration framework that identifies security flaws and retrieves system banners, hostnames, and database schemas. The tool identifies boolean, error, time-based, and stacked query vulnerabilities across multiple input vectors, including HTTP headers, cookies, JSON, SOAP, and XML. It provides capabilities for automated database exfiltration and the processing of bulk target lists to identify flaws across multiple environments. The syst
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
SpiderFoot is an open-source reconnaissance and intelligence automation framework designed to streamline the collection and correlation of data for security investigations. It functions as a comprehensive platform that automates the querying of hundreds of public data sources to map digital footprints, identify exposed assets, and uncover potential security threats across an organization's external perimeter. The platform distinguishes itself through a modular, plugin-based architecture that executes data gathering tasks in parallel, supported by a directed graph data model that tracks relati
Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure. The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways an
Hydro is an online judge platform and competitive programming management system. It provides the infrastructure to host programming contests, manage a library of programming problems, and evaluate code submissions against predefined test cases and time limits. The system utilizes a distributed code execution engine that scales judging tasks across multiple worker nodes to process high volumes of submissions. It is built as a modular judge framework, employing a plugin-based architecture that allows for the extension of system functionality without modifying the core source code. The platform
Qor is a Go admin framework and backend toolkit used for building administrative interfaces, headless content management systems, and REST API generators. It provides a structured environment for implementing business application backends, specializing in the management of structured content and media assets. The project distinguishes itself through comprehensive multi-language content management, featuring locale-based data versioning and a dedicated system for internationalization and translation administration. It further differentiates its offering with a built-in state machine implementa