Patator – Multi-purpose Brute-forcer

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks.

BFAC – Advanced Web-Applications Backup-File Artifacts Checker

BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application's source code.

SEC-AUDIT – PowerShell Script for Security Configuration Audit

SEC-AUDIT is a powershell script that checks for various security settings / controls / policies applied on the host machine.

CUPP – Common User Passwords Profiler

CUPP is a tool that may help to perform a legal penetration testing or forensic crime investigations.

Turbolist3r – Subdomain Enumeration Tool

Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilties of sublist3r.

Egressbuster – Checks Egress Filtering

EgressBuster is a way to test the effectiveness of egress filtering for an individual area.

CMSmap – CMS Security Scanner

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.