Top 654 security-tools open source projects

snopf USB password token

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

outis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).

A CLI tool for automating the importing, securing and usage of NordVPN (and in the future, more) OpenVPN servers through NetworkManager.

🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software

Work in progress firewall for Linux syscalls, written in Rust

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

Web Application recon automation

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

EmbedOS - Embedded security testing virtual machine

Hunt down the secrets from the WebArchives for Fun and Profit

A JWT (JSON Web Token) Encoder & Decoder

protocol fuzzing toolkit

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Simplifying Seccomp enforcement in containerized or non-containerized apps

Common password pattern generator using strings list

A collection of public offensive and defensive security related scripts for InfoSec students.

OSSSM (awesome). Open source short-term secure messaging

Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

A PowerShell armoury for penetration testers or other random security guys

Webshell Manager

Awesome Golang Security resources 🕶🔐

Adversary Simulation Framework

Telling tales on you for leaking secrets!

VOIP Security Audit Framework

🔐 Open Source Python Keylogger Collection

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

A security monitoring solution for Kubernetes

A curated list of various bug bounty tools

Android Mobile Device Hardening

This ansible role gets information from an AWS VPC and generate a graphical representation of security groups

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

A library to check for compromised passwords

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

The clever vulnerability dependency finder

Qualys sslabs-scan utility in a tiny docker image

Secure, human-friendly, cross-platform secrets and config.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

Tools to automate and/or expedite response.

A set of recipes useful in pentesting and red teaming scenarios

A repository of sysmon configuration modules

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

PoC tool to demonstrate vulnerabilities in wireless input devices

Open Repository for the Open Security and Privacy Reference Architecture

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

🍿 The perfect Checklist Website for meticulous developers.

Explore Indicators of Compromise Automatically

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

Forseti Security

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e

Trigram database written in C++, suited for malware indexing

All-in-one tool for managing vulnerability reports from AppSec pipelines

USB testing made easy

Friends don't let friends leak secrets on their terminal window 🙈

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...