Top 654 security-tools open source projects

🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Find cloud assets that no one wants exposed 🔎 ☁️

A ZigBee hacking toolkit by Bishop Fox

Collecting & Hunting for IOCs with gusto and style

A Go implementation of dirsearch.

Android library to reveal or obfuscate strings and assets at runtime

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Some of the best web shells that you might need!

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

NebulousAD automated credential auditing tool.

Exein core for Linux based firmware

The request.bin of DNS request

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Tool made to automate tasks of pentesting.

Hashcat web interface

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

End-To-End File & Message Encryption For Discord

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Tool for viewing and analyzing execution traces

Hyuga 一个用来记录DNS查询和HTTP请求的监控工具。

Custom memory allocator that helps discover reads from uninitialized memory

OSS Vulnerability Scanner for Windows Platform

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools

Exploit management framework

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

A Central Control Plane for AWS Permissions and Access

Collection of PowerShell network security scripts for system administrators.

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

The full story of the CLR implementation of Meterpreter

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

The dum^H^H^Hsimplest encryption tool in the world.

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Automated NoSQL database enumeration and web application exploitation tool.

Username enumeration and password spraying tool aimed at Microsoft O365.

🚀 Fast Port Scanner 🚀

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

A tool to test security of json web token

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

A note-taking macOS app for penetration-testers.

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.

一行代码检测XP/调试/多开/模拟器/root

Curated List of Privacy Respecting Services and Software

Powerful Visual Subdomain Enumeration at the Click of a Mouse

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Cloud Discovery provides a point in time enumeration of all the cloud native platform services

Set of tools to audit SIP based VoIP Systems

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

A binary analysis framework

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

DNS-Discovery is a multithreaded subdomain bruteforcer.

Awesome hacking is an awesome collection of hacking tools.

An application to assist in the organization and prioritization of software security activities.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start