30 open-source projects similar to reverseclabs/drozer, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Drozer alternative.
Drozer is a security testing framework and runtime analyzer for Android applications and devices. It functions as an exploit management framework and a security toolset used to identify vulnerabilities, misconfigurations, and leaks within the Android operating system and its installed applications. The framework enables the simulation of application behavior and the interaction with communication endpoints to detect security flaws. It manages the execution, analysis, and sharing of public exploits for mobile security research. The system provides capabilities for application auditing, vulner
Drozer is an Android security assessment framework and vulnerability scanner. It serves as a security auditor for Android devices and their installed software, providing a specialized environment for analyzing inter-process communication mechanisms and auditing application endpoints. The framework focuses on Android inter-process communication analysis, allowing for the interrogation of system services and application components. It enables the execution of specialized security modules and custom scripts to identify vulnerabilities and test the security of runtime interfaces. The system prov
AndroRAT is a remote administration tool and surveillance framework for Android devices. It consists of a Python-based command server and a Java-based client agent that establish persistent socket connections to enable remote control and data extraction. The project includes a payload generator to create signed installation packages configured with specific network addresses and ports for deployment. Once active, the framework provides a central interface to manage multiple connected devices, maintaining access via a background service that restarts upon device boot. The system covers remote
JustTrustMe is an Android security auditing tool and mobile application penetration testing utility. Its primary purpose is to bypass hardcoded certificate requirements and disable SSL pinning in mobile applications to allow the inspection of encrypted API requests and responses. The project functions as a dynamic method hooking module that integrates with the Xposed framework. It uses system-level instrumentation to intercept Java runtime function calls and override security checks within third-party Android applications. The tool covers a range of capabilities including the disabling of SS
Knock is an attack surface management tool and DNS reconnaissance framework used for discovering and mapping an organization's external infrastructure. It functions as a subdomain enumeration tool and HTTP security scanner to identify reachable hosts and organizational assets. The project distinguishes itself by using a passive-active hybrid enumeration strategy, combining external API lookups with active wordlist brute-force attacks and DNS zone transfers. It includes a multi-stage validation pipeline that detects DNS wildcard records and verifies host connectivity to filter out false positi
Android-PIN-Bruteforce is a hardware-based automation tool designed to unlock Android device lockscreens by simulating numeric PIN entries. It functions as a USB HID input emulator that mimics a physical keyboard to send keystrokes to a target device without requiring root access or ADB. The utility is specifically designed to run on NetHunter-equipped devices for physical security auditing and device unlocking. The tool manages system lockouts by implementing progressive cooldown periods and configurable delays between input batches. It utilizes configuration-driven hardware mapping to adjus
Gowitness is a system for rendering web interfaces at scale to capture visual snapshots, HTTP metadata, and network scan results. It functions as a headless browser screenshot tool and a web surface mapper used to identify and visually document the attack surface of network ranges and URL lists. The tool includes a screenshot gallery server that provides a web-based interface for browsing, filtering, and managing a database of captures. It specifically serves as an Nmap target visualizer, parsing network scan results to automatically capture screenshots of discovered web services. Capabiliti
Findomain is a subdomain discovery tool and DNS resolver used for mapping an organization's external attack surface. It functions as a DNS infrastructure analyzer that searches for registered subdomains associated with a root domain to uncover undocumented infrastructure and services. The project includes an attack surface monitor that tracks changes to subdomains over time, using differential state monitoring to identify newly created or deleted assets. It provides real-time alerting via webhooks when changes in the monitored domain surface are detected. The system performs high-speed DNS r
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
This project is a bug bounty target dataset and security asset list. It serves as a structured repository of reachable network assets, domains, and applications eligible for security testing across multiple vulnerability disclosure programs. The dataset is designed to support bug bounty reconnaissance, attack surface mapping, and security target analysis. It provides organized scopes and target lists to help identify valid assets for security testing and vulnerability research workflows. The repository utilizes automated scraping pipelines and platform API integration to synchronize data. It
Epic is a toolkit for Android runtime instrumentation, method interception, and security posture auditing. It functions as an aspect-oriented programming framework and a dynamic method interceptor designed to monitor and alter the behavior of Java methods within the Android Runtime. The project provides capabilities for intercepting and modifying both core Android framework components and specific application logic. This allows for the injection of custom Java behavior and the redirection of method execution without altering the original source code. The framework includes tools for applicat
Rootbeer is an Android security SDK and root detection library designed to verify device integrity and identify operating system tampering. It functions as a device integrity checker that scans for management applications and system files indicating root access or unlocked bootloaders. The library employs a variety of detection techniques, including binary-presence scanning for superuser binaries, direct file system probing of restricted directories, and property-based environment validation of kernel flags and build properties. It utilizes a Java-native interface bridge to execute low-level
EyeWitness is a web infrastructure mapper and reconnaissance tool designed to automate the visual mapping of exposed web services. It functions as a headless browser screenshotter and HTTP reconnaissance utility that captures visual evidence and extracts server headers from lists of web targets. The system identifies server technologies and audits for common default administrative credentials to map an organization's external attack surface. It generates searchable HTML security reports that combine screenshots, page source code, and categorized analysis results for vulnerability assessment.
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASNs. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res
Waybackurls is a command-line OSINT tool that retrieves every known URL for a given domain from the Wayback Machine archive. It functions as a domain reconnaissance utility, discovering forgotten API endpoints, legacy pages, and hidden files by querying the public web archive API. The tool processes domains independently and statelessly, reading domain names from standard input and streaming discovered URLs line-by-line to standard output. This design enables seamless integration into Unix command pipelines, allowing users to chain waybackurls with other tools for filtering, sorting, and furt
Knockpy is a DNS subdomain scanner and passive reconnaissance tool designed to discover subdomains and gather network intelligence. It functions as a DNS enumeration framework that combines active discovery methods with the ability to query external security services for passive domain data. The tool identifies targets through a combination of wordlist-based brute forcing, DNS zone transfers, and the aggregation of data from external security APIs. To ensure accuracy, it includes wildcard DNS detection to filter out false positives during the enumeration process. Beyond discovery, the system
Subfinder is a passive subdomain enumeration tool and DNS discovery utility designed to identify valid subdomains and hostnames associated with a specific organization or domain. It functions as a passive reconnaissance tool, gathering information about target domains by querying online databases without sending network traffic to the target infrastructure. The tool utilizes a pluggable provider architecture to separate discovery logic into independent modules, allowing for the integration of multiple passive-source APIs. It employs a concurrent-worker request model to execute network request
Discover is a bash-based penetration testing toolkit designed to automate reconnaissance, scanning, and enumeration tasks. It functions as a comprehensive suite for open-source intelligence gathering, network reconnaissance, container auditing, payload generation, and security data parsing. The project distinguishes itself by integrating multiple specialized workflows, including a passive OSINT framework for extracting company metadata, a network reconnaissance suite for mapping attack surfaces, and a container security auditor for identifying vulnerabilities and secrets in images and cluster
Learn-Web-Hacking is a structured web security study guide and penetration testing knowledge base. It provides a collection of research notes focused on identifying and exploiting vulnerabilities in web applications and network protocols. The project includes specialized frameworks for evaluating security risks in large language models to prevent prompt injection, as well as guides for hardening cloud-native infrastructure, including container standards and orchestration tools. It also covers the analysis of identity standards and authentication protocols. The material spans a broad range of
This project is an offensive security toolkit and development framework for creating memory-safe malware, network scanners, and payload generators. It provides a structured approach to developing exploits, shellcode, and remote access tools. The framework distinguishes itself through the use of no-standard-library environments to generate minimal standalone machine code and shellcode. It also supports the compilation of high-performance logic into WebAssembly for the creation of deceptive web interfaces used in social engineering. Capability areas cover automated vulnerability discovery via
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Nettacker is an automated penetration testing framework designed to orchestrate reconnaissance, port scanning, and vulnerability detection. It functions as a network reconnaissance tool and vulnerability scanner that identifies open ports, fingerprints services, and checks systems against databases of known security flaws. The framework distinguishes itself by combining a web application crawler for discovering hidden paths via fuzzing with a vulnerability management system that persists scan results in a database to track historical assessments. It also includes specialized capabilities for
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a bro
Gau is a command-line tool and passive URL enumerator designed to discover and aggregate known and historical web addresses for specific target domains. It functions as a collection framework that retrieves domain-specific data from public web archives and threat intelligence providers. The tool focuses on passive reconnaissance and open-source intelligence research to map attack surfaces without sending requests directly to target infrastructure. It aggregates data from multiple external sources to identify accessible web endpoints and forgotten pages. The system includes capabilities for r
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships