grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
aragraphVisualize your Aragon DAO Templates
WWWE💧 Check your email(s) using popular online services to see if it appears in any data-breach
cliThe universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.
urlRecon📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server
dirbpyThis is the new version of dirb in python
nessus-file-analyzerGUI tool which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc. and exports results to a Microsoft Excel Workbook for effortless analysis.
introspectorA schema and set of tools for using SQL to query cloud infrastructure.
s3-fuzzer🔐 A concurrent, command-line AWS S3 Fuzzer. Written in Go.
DGFraud-TF2A Deep Graph-based Toolbox for Fraud Detection in TensorFlow 2.X
weblogic honeypotWebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.
aparoidStatic and dynamic Android application security analysis
RapidRepoPullThe goal of this program is to quickly pull and install repos from its list
privapiDetect Sensitive REST API communication using Deep Neural Networks
tugareconPentest: Subdomains enumeration tool for penetration testers.
gosintGosint is a distributed asset information collection and vulnerability scanning platform
gradejsGradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
minijailsandboxing and containment tool used in ChromeOS and Android
cryptoniceCryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
FSEC-VMBackend logic implementation for Vulnerability Management System
VulnogramVulnogram is a tool for creating and editing CVE information in CVE JSON format
LogESPOpen Source SIEM (Security Information and Event Management system).
lunasecLunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
snyk-maven-pluginTest and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
chartsDeploy Kubernetes Helm Charts for Check Point CloudGuard
IPASN-HistoryIP ASN History to find ASN announcing an IP and the closest prefix announcing it at a specific date
EzScriptCyberpatriot born Windows hardening script. It serves as a way to get to baseline and can help specialists further secure the machine.
Blue-BaronAutomate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
proxmox toolboxA toolbox to get the firsts configurations of Proxmox VE / BS done in no time
dep-scanFully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
vilicusVilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
badcharsBad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.
appsweep-gradleThis Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process
kdtCLI to interact with Kondukto
Recon-XAdvanced Reconnaissance tool to enumerate attacking surface of the target.
ggshield-actionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
inthewilddbHourly updated database of exploit and exploitation reports
ehtkEthical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP, eCPPT and PNPT
CrumbleMenu driven wordlist generator in C++
spicedbOpen Source, Google Zanzibar-inspired fine-grained permissions database
dheaterD(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
MitmMan in the middle tool
MyJWTA cli for cracking, testing vulnerabilities on Json Web Token(JWT)
prowlerProwler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.