Top 89 security-automation open source projects

Dashboard to collect, analyze, and respond to reported phishing emails.

The OSINT Omnibus (beta release)

Automated Adversary Emulation Platform

HackerOne "in scope" domains

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

安全编排与自动化响应平台

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Code from Blackhat Python book

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

NebulousAD automated credential auditing tool.

Automated Security Testing For REST API's

A repository of tools for pentesting of restricted and isolated environments.

Open source all-in-one CLI tool to semi-automate pentesting.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Ethereum recon and exploitation tool.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A collection of Ansible roles for automating infosec builds.

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Explore Indicators of Compromise Automatically

Trigram database written in C++, suited for malware indexing

All-in-one tool for managing vulnerability reports from AppSec pipelines

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Ansible CentOS 7 - CIS Benchmark Hardening Script

Erlang port of famous radamsa fuzzzer.

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

👀👮🐢🔥Performs a privacy & security check of Windows 10

PacBot (Policy as Code Bot)

Distributed alerting for the masses!

Detect threats with log data and improve cloud security posture

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Linting tool for CloudFormation templates

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Hardening Ubuntu. Systemd edition.

Firmware Analysis and Comparison Tool

Infection Monkey - An automated pentest tool

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Automation and Scaling of Digital Forensics Tools

Penetration Testing notes, resources and scripts

Golang security checker

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Ansible playbook roles for security

Performing security tests inside your CI

a tool to analyze filesystem images for security

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Web application vulnerability scanner

A command-line tool to get valuable information out of AWS CloudTrail

An open source framework for enterprise level automated analysis.

Secure, Unified, Powerful and Extensible Rust Android Analyzer

🔎 shodansploit > v1.3.0

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

Web Scan Lazy Tools - Python Package

secureCodeBox (SCB) - continuous secure delivery out of the box

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.