Top 170 security-audit open source projects

Nginx log check
Nginx log security analysis script
Rspet
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Bettercap
DEPRECATED, bettercap development moved here: https://github.com/bettercap/bettercap
Sec Admin
Core management system for distributed asset security scanning (weak password scanning, vulnerability scanning)
Roslyn Security Guard
Roslyn analyzers that aim to help security audit on .NET applications.
G Scout
Google Cloud Platform Security Tool
Opencspm
Open Cloud Security Posture Management Engine
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Biu Framework
Biu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Yawast
YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Nndefaccts
nnposter's alternate fingerprint dataset for Nmap script http-default-accounts
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools.
Terraform Aws Cloudtrail Cloudwatch Alarms
Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.
Zap Cli
A simple tool for interacting with OWASP ZAP from the commandline.
Striptls
proxy poc implementation of STARTTLS stripping attacks
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Hardentheworld
Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
Nebulousad
NebulousAD automated credential auditing tool.
Git Scanner
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Libdiffuzz
Custom memory allocator that helps discover reads from uninitialized memory
Mix audit
🕵️‍♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities
Gcp Audit
A tool for auditing security properties of GCP projects.
Sqlite Lab
This code is vulnerable to SQL Injection and has a SQLite database. For SQLite databases, SQL Injection payloads are different, so it is for fun. Just enjoy it \m/
Edr Testing Script
Test the accuracy of Endpoint Detection and Response (EDR) software with a simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Find Sec Bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Windows Ad Environment Related
This repository contains the stuff related to Windows Active Directory environment exploitation
Encrypt.to
Send encrypted PGP messages with one click
Wynis
Audit Windows Security with best Practice
Dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Kccss
Kubernetes Common Configuration Scoring System
Catnip
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Gda Android Reversing Tool
GDA is a new fast and powerful decompiler in C++ (working without Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files, which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…
Drek
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
Cloudsploit
Cloud Security Posture Management (CSPM)
Github Dorks
Find leaked secrets via github search
Aws Securitygroup Grapher
This ansible role gets information from an AWS VPC and generates a graphical representation of security groups
Frost
Unit testing framework for test driven security of AWS, GCP, Heroku and more.
Pentest Notes
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Secure Ios App Dev
Collection of the most common vulnerabilities found in iOS applications
Rails Security Checklist
🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
1-60 of 170 security-audit projects