30 open-source projects similar to six2dez/onelistforall, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best OneListForAll alternative.
SecLists is a centralized library of security assessment data designed to support vulnerability discovery and penetration testing. It functions as a comprehensive repository of wordlists, payloads, and testing methodologies used to audit software, firmware, and internet-connected hardware for technical vulnerabilities. The project distinguishes itself through a standardized taxonomy and a language-agnostic data format, which allows security tools to predictably ingest and utilize its assets regardless of the underlying programming environment. By decoupling raw testing data from execution log
fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities. The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL i
fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors. The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
PDM is a Python package manager, dependency resolver, and build tool designed to create reproducible environments. It functions as a runtime manager that installs and switches between different versions of the Python interpreter using standalone builds, while managing isolated virtual environments to prevent version conflicts between projects. The tool distinguishes itself through the use of cross-platform lockfiles and a plugin-based extension architecture, allowing users to add new capabilities via external distributions. It provides a centralized package caching system and a parallel insta
Bitmagnet is a self-hosted BitTorrent metadata search engine and DHT torrent indexer. It functions as a private torrent database that crawls the Distributed Hash Table to discover and index content locally without relying on centralized trackers. The system distinguishes itself through an automated media classification pipeline that fetches information from external databases to tag and categorize content. It employs a rule-based classification engine and custom workflows to determine how indexed items are processed and organized. The project provides full-text search capabilities and multi-
Daft is a distributed dataframe library and multimodal data processor designed to handle large-scale structured and unstructured data. It functions as a vectorized execution engine that processes tables alongside images, audio, and video, utilizing a unified schema to manage diverse data types. The project distinguishes itself by combining distributed data engineering with large-scale AI inference. It provides an AI data pipeline for batch-optimizing model prompts and generating high-dimensional text embeddings, while utilizing zero-copy memory sharing to execute custom Python functions witho
This project provides a SQL interface for Elasticsearch, serving as a translator and database layer that allows users to retrieve, filter, and manipulate indices using structured query language. It functions by converting standard SQL statements into the native JSON query language used by the search engine. The system includes a geospatial SQL engine for executing location-based searches and distance calculations. It also features a query debugger used to visualize the translation process from SQL to search engine request bodies to verify the logic and accuracy of data retrieval. The capabil
Atomic Red Team is an adversary simulation tool and detection validation suite designed to emulate attacker behaviors. It functions as a security control testing framework that uses a library of portable tests to verify if security monitoring and alerting systems correctly identify specific malicious techniques. The project serves as a MITRE ATT&CK emulation framework, mapping individual test executions to a standardized industry taxonomy of adversary behaviors. This mapping allows for the validation of security controls against the MITRE ATT&CK matrix to identify gaps in detection and respon
Wuzz is an interactive command line HTTP client and request inspector designed for capturing, reviewing, and analyzing outgoing network calls and their payloads. It functions as a terminal-based tool for debugging API issues and testing web endpoints. The tool provides specialized filtering for response bodies, using regular expressions and format-specific query syntaxes tailored for JSON and HTML data. It allows for the persistence of captured requests and responses to disk to facilitate the reproduction of network issues and offline analysis. User settings and default request behaviors are
Monkey is an adversary emulation platform and breach and attack simulation tool designed to test network defenses through automated lateral movement and exploit delivery. It functions as a network security testing system that evaluates security posture by attempting to propagate through vulnerabilities and extract sensitive system credentials. The platform distinguishes itself by simulating specific real-world attacker behaviors, such as ransomware encryption, cryptojacking, and the theft of browser-stored credentials and secure shell keys. It utilizes binary hash randomization to evade antiv
HackTools is a browser extension pentesting toolkit designed for offensive security professionals. It serves as a centralized collection of tools for generating payloads, managing penetration testing workflows, and accessing security reference materials within a web-based interface. The project provides specialized utilities for generating attack strings for XSS, SQL injection, and reverse shells to identify and exploit web vulnerabilities. It includes a data encoding and hashing utility to convert information between various formats for the purpose of bypassing security filters or verifying
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
This project is an automated security scanner designed to identify vulnerabilities within web caching layers. It functions as an HTTP protocol security tool that probes web infrastructure by manipulating request headers, parameters, and cookies to observe how servers handle and store content. The scanner distinguishes itself through specialized cache behavior analysis, which targets specific flaws such as cache poisoning and cache deception. It incorporates a recursive crawler to map web application endpoints and utilizes configurable proxy routing to facilitate traffic inspection and debuggi
Vaex is a high-performance Apache Arrow DataFrame library and out-of-core data processing engine designed to handle billion-row tabular datasets in Python. It functions as a lazy evaluation framework that defers computations and transformations until results are required, enabling the processing of datasets that exceed available system RAM by mapping files directly from disk. The project distinguishes itself as a tool for big data visualization and exploration, specifically integrated for use within interactive notebooks. It provides specialized capabilities for machine learning feature engin
This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
This project is a curated, version-controlled directory of software and resources designed for cybersecurity professionals and researchers. It functions as a centralized knowledge base that aggregates and organizes external security utilities into a structured taxonomy to facilitate discovery and access for specialized research and testing tasks. The repository distinguishes itself through a community-driven model where external resource locations are verified and maintained by contributors. By leveraging a distributed version control system, the project ensures the historical integrity and c
Ray is a distributed computing framework designed to scale Python and Java applications across clusters by abstracting task scheduling and resource management. It functions as a resource-aware execution engine that manages task dependencies, placement, and fault tolerance across networked compute nodes. At its core, the system provides a stateful actor model, allowing developers to define classes that run in dedicated processes to maintain and mutate internal state across remote method calls. The framework distinguishes itself through a robust cross-language interoperability layer, enabling f
GAM is a command-line tool for administering Google Workspace and Cloud Identity. It translates command-line arguments into structured API calls, enabling administrators to manage users, groups, organizational units, and domain settings across a Google Workspace environment. The tool handles authentication through OAuth2 flows, service accounts, and workload identity federation, and supports multi-tenant configurations for managing multiple domains or cloud projects from a single installation. GAM distinguishes itself through its batch processing and automation capabilities. It can process la
The Model Context Protocol (MCP) Registry is an official service for publishing and discovering MCP servers, providing a centralized namespace system with integrated authentication and domain verification. It functions as both a registry for server discovery and a publishing tool that enforces ownership proof through domain-based organization. The registry distinguishes itself through a CLI-driven publishing pipeline that bundles server metadata, validates authentication, and submits to the registry API. It implements DNS-based domain verification, requiring a TXT record or HTTP challenge fil
Metasploitable3 is an automated virtual machine provisioner designed to build and deploy operating system images with intentional security weaknesses. It functions as a penetration testing lab by creating vulnerable virtual machine targets used for security training, exploit development, and the validation of security tools. The system uses configuration scripts to inject vulnerabilities into Windows and Linux environments. This includes the deployment of insecure applications and services, such as web servers and databases, and the application of misconfigured system permissions to simulate
fpm is a multiplatform package builder and converter used to create software packages for various Linux distribution formats from a single unified source. It functions as a Linux distribution packager and a cross-format converter, transforming local directories, existing packages, or language-specific modules into platform-native formats such as DEB and RPM. The tool acts as a language-specific package wrapper, bundling modules from Node.js, Python, Ruby, and Perl into system packages. It can also generate packages that automatically configure system services for targets like systemd. The pr
Redis is a high-performance in-memory key-value store that functions as a distributed cache, message broker, and NoSQL database. It provides sub-millisecond read and write access to data stored in RAM and can operate as a vector database for indexing high-dimensional embeddings. The system supports a wide range of data storage and synchronization primitives, including the management of strings, hashes, lists, sets, and JSON documents. It enables real-time data operations through atomic transactions, hybrid persistence using snapshots and append-only logs, and high-availability configurations
This project is a command-line utility and Python-based scraper designed to download and archive educational media from Coursera for offline access. It functions as a tool for saving course syllabi, videos, subtitles, and notebooks to a local file system to ensure a secure backup of academic materials. The tool distinguishes itself by providing capabilities for course quiz extraction, retrieving questions and answers from both graded and ungraded quizzes. It supports the retrieval of learning materials from both legacy and on-demand platforms and implements interrupted download resumption to
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
This is a large-scale collection of curated Chinese text corpora designed for training natural language processing models. The project provides a variety of datasets, including a deduplicated archive of millions of news articles with titles and keywords, high-quality categorized question-and-answer pairs, and parallel translation corpora. The collection includes millions of aligned Chinese and English sentence pairs used for cross-lingual model training and machine translation development. It also contains filtered question-and-answer data organized by label for the construction of knowledge-