30 open-source projects similar to hackmanit/web-cache-vulnerability-scanner, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Web Cache Vulnerability Scanner alternative.
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
Hetty is an HTTP intercepting proxy and web security research toolkit used to capture, inspect, and modify traffic between a browser and a server. It functions as an HTTP request editor for creating and replaying manual requests to test server behavior and as a project-based traffic logger that isolates network logs across different security research engagements. The tool provides a request-response interception loop that pauses outgoing requests and incoming responses in transit, allowing for manual editing or cancellation. It includes a manual request replay engine to construct and transmit
BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration. The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and
Redbird is a Node.js reverse proxy used to route external network traffic to internal servers. It functions as a layer 7 load balancer that maps incoming requests from specific domains or hosts to target upstream servers, shielding backend services from direct public exposure. The project features dynamic route management, allowing routing rules to be updated programmatically at runtime. It synchronizes these routes automatically by polling external sources such as Docker containers and etcd clusters to align proxy configurations with service lifecycles. Additional capabilities include SSL a
Photon is a command-line web crawler designed for security reconnaissance and information gathering. It systematically traverses websites to discover URLs, map domain infrastructure, and identify associated subdomains by retrieving DNS records. The tool distinguishes itself through its ability to perform deep content analysis, including the extraction of sensitive data such as API keys and authentication tokens using user-defined regular expressions. It supports offline inspection by cloning crawled web content to the local filesystem, allowing for structural analysis without additional netwo
Clashfree is a network traffic routing platform designed to facilitate access to restricted online resources and digital services. It functions as a proxy configuration management tool that enables users to route internet traffic through encrypted tunnels, effectively bypassing regional access restrictions. The system provides a centralized way to manage network proxy connections and organize multiple routing profiles across various environments. The project distinguishes itself by providing automated subscription services that distribute daily updated proxy node lists and configuration files
AnyCrawl is an AI-powered data extractor, automated web crawler, and headless browser orchestrator. It serves as a web content extraction API and a gateway that connects crawling and scraping tools to language models using a standardized API protocol. The project specializes in converting unstructured website content into structured JSON or markdown optimized for AI assistants. It utilizes language models and JSON schemas to pull specific information into validated formats and provides capabilities for AI page summarization and LLM-optimized content extraction. The system manages comprehensi
Crawlee is a web scraping framework designed for building scalable, reliable, and distributed data extraction pipelines. It provides a unified interface for managing headless browser automation and lightweight HTTP requests, allowing developers to handle complex web navigation, dynamic content rendering, and large-scale data collection within a single, modular architecture. The project distinguishes itself through its resource-aware concurrency controller, which dynamically scales task execution based on real-time CPU and memory usage to prevent host machine exhaustion. It also features a rob
This project is an Android RPA framework designed for automating user interfaces and system tasks on rooted Android devices using Python and ADB. It provides a suite of tools for rooted device management, allowing for programmatic control of system settings, application lifecycles, and shell command execution via a remote API. The framework distinguishes itself through a combination of dynamic instrumentation and AI integration. It can inject scripts into running processes to hook Java interfaces and modify application behavior in real time. Additionally, it supports large language model in
react-snap is a static site generator and single-page application prerenderer. It converts dynamic client-side components into static HTML files using a headless browser to improve search engine optimization and initial load speeds. The project features a headless browser crawler that automatically discovers application routes by following internal links. It includes a hydration optimizer that captures application state and caches network responses during the rendering process, embedding them directly into the HTML to synchronize the client-side application without re-fetching data. The tool
XMRig is a multi-algorithm hashing tool and cryptocurrency miner that utilizes CPU, CUDA, and OpenCL hardware to execute hashing algorithms across multiple operating systems. It functions as a computational engine for mining cryptocurrency and benchmarking hardware efficiency. The project includes a Stratum proxy server that routes mining traffic between worker clients and pools to optimize connectivity and balance load. It also provides a secured HTTP management API for monitoring hashrates and modifying miner configuration in real time without restarting the process. The software covers a
Colly is a web scraping framework and concurrent crawler written in Go. It provides a system for traversing web pages, following links, and extracting structured data from HTML and XML documents. The framework includes a distributed scraping engine designed to spread data collection tasks across multiple instances to increase throughput. It ensures compliance with website owner policies by automatically reading and respecting robots.txt files. The system manages request lifecycles through domain-based rate limiting, concurrency controls, and session management via a stateful cookie jar. It s
This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. I
Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
node-crawler is a programmable web crawler for Node.js that manages request queues and automates data extraction. It functions as a rate-limited HTTP client and a headless HTML parser, providing the infrastructure to visit large sets of URLs asynchronously while preventing duplicate processing through task deduplication. The project distinguishes itself through a proxy rotation manager that cycles user agents and proxy servers to bypass access restrictions. It utilizes the HTTP/2 protocol to improve request performance and server compatibility during large-scale scraping operations. The syst
libhv is a high-performance C/C++ network library and event-driven I/O framework used to build TCP, UDP, SSL, HTTP, WebSocket, and MQTT clients and servers. It provides a non-blocking event loop for managing network sockets, timers, and system signals across multiple threads. The project is distinguished by its integrated support for specialized network roles, including a full HTTP web server with RESTful routing and middleware, an MQTT messaging client for IoT communication, and the ability to implement SOCKS5 and HTTP proxies. It also features a reliable UDP implementation to ensure ordered
X-ray is a headless browser web scraper and HTML content crawler designed to extract structured data from websites. It functions as a stream-based data scraper and structured data extractor, using selectors to retrieve text and attributes from HTML as nested objects or arrays. The project includes a request rate controller to manage network traffic through concurrency limits, throttles, and timeouts. It handles dynamic website scraping by rendering JavaScript via a headless browser and performs automated website crawling using breadth-first link following and pagination management. The syste
Karakeep is a self-hosted, open-source platform designed for personal knowledge management and web content archiving. It functions as a centralized repository where users can capture, organize, and preserve bookmarks, notes, and media files, ensuring long-term access to digital information even if original sources are removed or modified. The system distinguishes itself through its automated content processing and security-focused architecture. It utilizes headless browser crawling and optical character recognition to ingest and index web content, while a modular artificial intelligence pipel
This project is an OS-level process sandbox and cross-platform security wrapper for Linux and macOS. It is designed to isolate arbitrary processes from the host machine by restricting filesystem and network access without the use of full containerization. The system functions as a system-call interceptor and access controller, blocking unauthorized operating system calls based on predefined security policies. It employs allowlists and denylists to manage resource requests and monitors for security violations in real time. Capability areas include filesystem access management using glob-patte
Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments. The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor
Gevent is a Python coroutine concurrency library and asynchronous task manager designed for high-concurrency I/O tasks. It provides a cooperative networking framework for building asynchronous TCP, UDP, and HTTP servers, as well as a WSGI web server implementation for hosting web applications. The project is distinguished by its standard library monkey-patching tool, which replaces blocking synchronous functions with cooperative versions to enable asynchronous behavior in third-party code. This allows for a cooperative multitasking workflow where the system yields execution during I/O waits t
OmniRoute is a unified LLM API gateway that connects multiple AI providers to a single endpoint. Its primary purpose is to simplify the integration of various AI models into tools and agents by translating different provider formats into a standardized API. The project distinguishes itself through a multi-strategy request routing system that optimizes for cost, speed, and availability, including automatic model fallbacks and a circuit-breaker resilience model to isolate provider failures. It employs a local-first security posture, using AES-256-GCM encryption to store API keys and conversatio
GraphQL-Ruby is a Ruby library for building GraphQL APIs with a strongly typed schema and a dedicated query execution engine. It provides a comprehensive framework for mapping application objects to a formal type system, enabling structured data fetching through defined resolvers. The project distinguishes itself with advanced performance and delivery mechanisms, including a data loader for batching and caching to prevent N+1 query patterns. It supports high-performance data delivery through incremental response streaming, deferred query responses, and parallel data fetching using fibers. Add
Salvo is a comprehensive Rust web framework for building asynchronous HTTP servers and web applications. It features a hierarchical web router that uses a tree-based structure to map requests to handlers and an asynchronous middleware pipeline based on the onion model for request and response pre- and post-processing. The framework is distinguished by its native support for modern network protocols, including a QUIC-based HTTP/3 implementation alongside HTTP/1 and HTTP/2. It includes an integrated OpenAPI documentation generator that extracts schemas directly from handler signatures to produc
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
This project is an agentic framework designed to enable autonomous web navigation and browser automation. It functions as a controller that translates natural language instructions into deterministic browser actions, allowing agents to interact with websites, perform data extraction, and manage complex authentication flows. By leveraging accessibility trees and semantic element resolution, the framework mimics human-like navigation, moving beyond brittle DOM selectors to interact reliably with modern web interfaces. The framework distinguishes itself through its focus on secure, scalable exec
Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network