Swordphish is a platform allowing to create and manage fake phishing campaigns. Identifying security contacts may be hard in a big structure, that's why we developed Swordphish and a button embedded in the mail client to help our users to report suspicious mail to security teams just with a simple click. This choice seriously improved our visibility on what our users are receiving, and we decided to release it to the community! Swordphish can be used to train people identifying suspicious mails, and it can help checking that people report correctly the mails to security teams. Installation Detailed installation instructions can be found in the documentation. Docker images Swordphish has a docker-compose script to get up and running quickly.
FEATURES
SIMILAR TOOLS
Phish Report is inaccessible without JavaScript and cookies enabled.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
An open-source phishing toolkit for businesses and penetration testers.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A data-mining and deep web asset search engine for breach analysis and prevention services.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.