Top 654 security-tools open source projects

Find exploit tool

Enumeration sub domains(枚举子域名)

🆕 The Multi-Tool Web Vulnerability Scanner.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

grep rough audit - source code auditing tool

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

An Active Defense and EDR software to empower Blue Teams

Awesome Python Security resources 🕶🐍🔐

A static analysis security vulnerability scanner for Ruby on Rails applications

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Exploit Pack -The next generation exploit framework

InQL - A Burp Extension for GraphQL Security Testing

Daemon to ban hosts that cause multiple authentication errors

JAVA安全SDK及编码规范

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Hardening Ubuntu. Systemd edition.

r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Program to reverse Docker images into Dockerfiles

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A cross-platform note-taking & target-tracking app for penetration testers.

Awesome PHP Security Resources 🕶🐘🔐

Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Hacking Toolkit

A collection of awesome security hardening guides, tools and other resources

Penetrum LLC opensource security tool list.

emba - An analyzer for Linux-based firmware of embedded devices.

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

A web front-end for password cracking and analytics

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Infection Monkey - An automated pentest tool

kube-scan: Octarine k8s cluster risk assessment tool

Most usable tools for iOS penetration testing

🔒 Anti DDOS | Bash Script Project 🔒

a javascript static security analysis tool

C2/post-exploitation framework

Open source incident management and response platform.

SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems.

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

🎖safely* install packages with npm or yarn by auditing them as part of your install process

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Open Source Tripwire®

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

mXtract - Memory Extractor & Analyzer

红队综合渗透框架

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Drone pentesting framework console

Attack surface mapping

Automated Mass Exploiter

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Security scanner coordinator