IsthislegitDashboard to collect, analyze, and respond to reported phishing emails.
OmnibusThe OSINT Omnibus (beta release)
CalderaAutomated Adversary Emulation Platform
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Aws Secure Environment AcceleratorThe AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
NebulousadNebulousAD automated credential auditing tool.
AstraAutomated Security Testing For REST API's
PentaOpen source all-in-one CLI tool to semi-automate pentesting.
Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
TheoEthereum recon and exploitation tool.
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
YamsA collection of Ansible roles for automating infosec builds.
ContentSecurity automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Network Threats TaxonomyMachine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies
UrsadbTrigram database written in C++, suited for malware indexing
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Centos7 CisAnsible CentOS 7 - CIS Benchmark Hardening Script
ErlamsaErlang port of famous radamsa fuzzzer.
Privatezilla👀👮🐢🔥Performs a privacy & security check of Windows 10
PacbotPacBot (Policy as Code Bot)
PantherDetect threats with log data and improve cloud security posture
SootyThe SOC Analysts all-in-one CLI tool to automate and speed up workflow.
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Cfn nagLinting tool for CloudFormation templates
Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Fact coreFirmware Analysis and Comparison Tool
MonkeyInfection Monkey - An automated pentest tool
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
TurbiniaAutomation and Scaling of Digital Forensics Tools
GosecGolang security checker
ShuffleShuffle: A general purpose security automation platform platform. We focus on accessibility for all.
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
HuskyciPerforming security tests inside your CI
Fwanalyzera tool to analyze filesystem images for security
W5Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
TaipanWeb application vulnerability scanner
TrailscraperA command-line tool to get valuable information out of AWS CloudTrail
StoqAn open source framework for enterprise level automated analysis.
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
BurpdeveltrainingMaterial for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
WsltoolsWeb Scan Lazy Tools - Python Package
SecurecodeboxsecureCodeBox (SCB) - continuous secure delivery out of the box
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.