Alternatives and similar repositories for ato-checklist

Users that are interested in ato-checklist are comparing it to the libraries listed below

• egrullon / Wounty

  View on GitHub
  Wounty is a simple web enumeration script that makes use of other popular tools to automate the early stages of recognition in Bug Bounty…
  ☆14Feb 6, 2022Updated 4 years ago
• DigeeX / raider

  View on GitHub
  DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
  ☆139Sep 14, 2021Updated 4 years ago
• nccgroup / SFPolDevChk

  View on GitHub
  Salesforce Policy Deviation Checker
  ☆30Sep 30, 2020Updated 5 years ago
• tprynn / web-methodology

  View on GitHub
  Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
  ☆212Oct 31, 2024Updated last year
• salesforce / metabadger

  View on GitHub
  Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
  ☆143May 1, 2025Updated 9 months ago
• ovotech / gitoops

  View on GitHub
  all paths lead to clouds
  ☆638Oct 11, 2023Updated 2 years ago
• ncc-erik-steringer / Aerides

  View on GitHub
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Jan 18, 2022Updated 4 years ago
• barrracud4 / image-upload-exploits

  View on GitHub
  This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests a…
  ☆349Jun 13, 2021Updated 4 years ago
• doyensec / burpdeveltraining

  View on GitHub
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆357Oct 14, 2020Updated 5 years ago
• hakluke / haklistgen

  View on GitHub
  Turns any junk text into a usable wordlist for brute-forcing.
  ☆227Mar 16, 2024Updated last year
• magoo / redteam-plan

  View on GitHub
  Issues to consider when planning a red team exercise.
  ☆614Aug 23, 2017Updated 8 years ago
• visma-prodsec / confused

  View on GitHub
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆775Aug 19, 2024Updated last year
• cedowens / macOS-browserhist-parser

  View on GitHub
  Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…
  ☆15Dec 3, 2020Updated 5 years ago
• msrkp / PPScan

  View on GitHub
  Client Side Prototype Pollution Scanner
  ☆524Sep 17, 2022Updated 3 years ago
• bwiko / bugbounty_checklist

  View on GitHub
  ☆17May 20, 2021Updated 4 years ago
• apiiro / combobulator

  View on GitHub
  Dependency Combobulator
  ☆95Jan 10, 2024Updated 2 years ago
• puzzlepeaches / msprobe

  View on GitHub
  Finding all things on-prem Microsoft for password spraying and enumeration.
  ☆258May 17, 2022Updated 3 years ago
• projectdiscovery / cloudlist

  View on GitHub
  Cloudlist is a tool for listing Assets from multiple Cloud Providers.
  ☆998Updated this week
• amrandazz / attack-guardduty-navigator

  View on GitHub
  A MITRE ATT&CK Navigator export for AWS GuardDuty Findings
  ☆139Jul 23, 2021Updated 4 years ago
• tenchi-security / camp

  View on GitHub
  CloudSplaining on AWS Managed Policies
  ☆44Sep 8, 2025Updated 5 months ago
• hakluke / hakfindinternaldomains

  View on GitHub
  Feed it a list of subdomains, it will resolve them and tell you which ones are internal
  ☆93Nov 21, 2021Updated 4 years ago
• ksharinarayanan / WAP

  View on GitHub
  Open source alternative to Burpsuite
  ☆15May 18, 2021Updated 4 years ago
• righteousgambit / quiet-riot

  View on GitHub
  Unauthenticated enumeration of AWS, Azure, and GCP Principals
  ☆282Nov 27, 2025Updated 2 months ago
• MilindPurswani / whoxyrm

  View on GitHub
  A reverse whois tool based on Whoxy API.
  ☆169Mar 31, 2024Updated last year
• lc / secretz

  View on GitHub
  secretz, minimizing the large attack surface of Travis CI
  ☆325May 30, 2022Updated 3 years ago
• salesforce / lobster-pot

  View on GitHub
  Scans every git push to your Github organisations to find unwanted secrets.
  ☆87May 1, 2025Updated 9 months ago
• defparam / haptyc

  View on GitHub
  ☆95Sep 18, 2021Updated 4 years ago
• detectify / page-fetch

  View on GitHub
  Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…
  ☆528Apr 23, 2025Updated 9 months ago
• secmerc / materialize-threats

  View on GitHub
  ☆69Jul 18, 2025Updated 6 months ago
• audibleblink / git-ls

  View on GitHub
  List (or plunder) private repos/gists to which a token has access, including those of other users
  ☆10Jan 29, 2022Updated 4 years ago
• steeve85 / tfviz

  View on GitHub
  Visualize your Terraform files
  ☆34Sep 9, 2020Updated 5 years ago
• Frichetten / ssm-agent-research

  View on GitHub
  This is a custom SSM agent which is sorta functional
  ☆17Jul 5, 2021Updated 4 years ago
• nccgroup / s3_objects_check

  View on GitHub
  Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
  ☆78Mar 4, 2022Updated 3 years ago
• BishopFox / eyeballer

  View on GitHub
  Convolutional neural network for analyzing pentest screenshots
  ☆1,278Feb 19, 2024Updated last year
• yashrs / Hackerone_Private_Hacktivity_Chrome_Extention

  View on GitHub
  ☆18Apr 26, 2021Updated 4 years ago
• ashirt-ops / aterm

  View on GitHub
  It records your terminal, then lets you upload to ASHIRT
  ☆29Feb 8, 2026Updated last week
• RhinoSecurityLabs / ccat

  View on GitHub
  Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  ☆647Nov 21, 2019Updated 6 years ago
• BishopFox / smogcloud

  View on GitHub
  Find cloud assets that no one wants exposed 🔎 ☁️
  ☆349Jul 20, 2020Updated 5 years ago
• melbadry9 / SSLEnum

  View on GitHub
  Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
  ☆42Nov 10, 2025Updated 3 months ago