30 open-source projects similar to datasploit/datasploit, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Datasploit alternative.
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
theHarvester is a command-line utility designed for gathering open-source intelligence and mapping an organization's external attack surface. It functions as a security information gathering framework that automates the collection of publicly available data to assist in reconnaissance and threat analysis. The tool utilizes a plugin-based architecture to execute isolated queries against various search engines and public databases. It employs asynchronous task execution to run multiple discovery operations in parallel, while a centralized pipeline aggregates and deduplicates findings from these
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
SpiderFoot is an open-source reconnaissance and intelligence automation framework designed to streamline the collection and correlation of data for security investigations. It functions as a comprehensive platform that automates the querying of hundreds of public data sources to map digital footprints, identify exposed assets, and uncover potential security threats across an organization's external perimeter. The platform distinguishes itself through a modular, plugin-based architecture that executes data gathering tasks in parallel, supported by a directed graph data model that tracks relati
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
Patator is a multi-purpose brute force tool and modular security framework used for testing credentials, discovering network services, and fuzzing network protocols through automated payload delivery. It functions as a credential exhaustion framework and a network protocol fuzzer. The project provides specific utilities for recovering passwords from encrypted ZIP archives, enumerating DNS zones via forward and reverse queries, and identifying valid usernames and passwords across common network protocols. Its broader capabilities include web endpoint fuzzing, network service probing, and user
ShuiZe_0x727 is an open-source intelligence gathering framework and attack surface management tool. It functions as an asset discovery engine and cyber intelligence aggregator designed to identify internet-facing assets, map network infrastructure, and visualize total network exposure. The project integrates vulnerability scanning and sensitive data leak detection to identify security weaknesses and unauthorized access points. It employs a combination of network space API queries, certificate log analysis, and public repository scanning to extract leaked credentials, API keys, and internal ad
Findomain is a subdomain discovery tool and DNS resolver used for mapping an organization's external attack surface. It functions as a DNS infrastructure analyzer that searches for registered subdomains associated with a root domain to uncover undocumented infrastructure and services. The project includes an attack surface monitor that tracks changes to subdomains over time, using differential state monitoring to identify newly created or deleted assets. It provides real-time alerting via webhooks when changes in the monitored domain surface are detected. The system performs high-speed DNS r
An extendable tool to Collect, Crawl and Monitor onion sites on tor network and index collected information on Elasticsearch
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Collector is a OSINT tool and information gathering. I build this tool for my fun and you can use this tool for do OSINT. In github account and instagram account you can find information by username.
A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.
This project is an email verification tool that checks if an email address exists and can receive messages without sending an actual email. It provides these capabilities through a programmatic HTTP API and a local command line interface. The system distinguishes itself by combining SMTP handshake verification and DNS record resolution with a risk analysis tool that detects disposable addresses, role-based accounts, and catch-all domains. It also includes a metadata aggregator to retrieve public profile information and imagery associated with a specific email address. The broader capability
IntelOwl is a threat intelligence platform and security orchestration engine designed to aggregate, analyze, and enrich security observables. It functions as a security incident investigation tool and a threat intelligence aggregator, collecting data on files, domains, and IP addresses from diverse internal and external sources. The system differentiates itself through playbook-based workflow automation, allowing users to define reusable sequences of analysis tasks that trigger subsequent jobs based on prior outputs. It unifies disparate security data into a common schema and utilizes protoco
Command-line Google dork tool. This is an early predecessor to dorkbot, which may be more useful: https://github.com/utiso/dorkbot
This project is a comprehensive, community-curated directory of resources and methodologies for open-source intelligence gathering. It serves as a centralized reference framework for researchers, providing a structured index of specialized tools, databases, and search techniques used to collect and analyze publicly available information from across the global internet. The directory distinguishes itself through a hierarchical taxonomy that organizes complex investigative domains, ranging from cyber threat intelligence and digital forensic investigation to geospatial analysis and operational s
Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
Trape is a browser-based remote access tool and exploit framework designed for gathering device geolocation, hardware profiles, and network data. It functions as an open-source intelligence platform and a system for executing custom scripts and triggering browser vulnerabilities to capture credentials or monitor device activity. The project features a real-time geolocation tracker capable of retrieving precise physical coordinates and monitoring individual movement, including silent acquisition that bypasses standard location prompts. It further provides a network tunneling service to make lo