Top 654 security-tools open source projects

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Visualize your Aragon DAO Templates

💧 Check your email(s) using popular online services to see if it appears in any data-breach

The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.

📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server

This is the new version of dirb in python

Install Kali Linux Tools & Others on your Linux.

GUI tool which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc. and exports results to a Microsoft Excel Workbook for effortless analysis.

Distributed Honeypot

A schema and set of tools for using SQL to query cloud infrastructure.

🔐 A concurrent, command-line AWS S3 Fuzzer. Written in Go.

A Deep Graph-based Toolbox for Fraud Detection in TensorFlow 2.X

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

Static and dynamic Android application security analysis

The goal of this program is to quickly pull and install repos from its list

Detect Sensitive REST API communication using Deep Neural Networks

Pentest: Subdomains enumeration tool for penetration testers.

Gosint is a distributed asset information collection and vulnerability scanning platform

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

sandboxing and containment tool used in ChromeOS and Android

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Backend logic implementation for Vulnerability Management System

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Open Source SIEM (Security Information and Event Management system).

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.

Deploy Kubernetes Helm Charts for Check Point CloudGuard

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.

IMAP or SMTP honeypot written in Golang

Reverse shell generator

IP ASN History to find ASN announcing an IP and the closest prefix announcing it at a specific date

Cyberpatriot born Windows hardening script. It serves as a way to get to baseline and can help specialists further secure the machine.

Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.

A toolbox to get the firsts configurations of Proxmox VE / BS done in no time

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.

This Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process

CLI to interact with Kondukto

Advanced Reconnaissance tool to enumerate attacking surface of the target.

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

Hourly updated database of exploit and exploitation reports

Ethical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP, eCPPT and PNPT

Menu driven wordlist generator in C++

Open Source, Google Zanzibar-inspired fine-grained permissions database

You can find hardcoded Api-Key,Secret,Token Etc..

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

Man in the middle tool

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

Serverless honeytoken 🕵🏻‍♂️

Ansible role for Ubuntu 2004 CIS Baseline

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.