Top 654 security-tools open source projects

Web-based Source Code Vulnerability Scanner

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Collaborative malware analysis framework

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

Search for Directory Traversal Vulnerabilities

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Bandit is a tool designed to find common security issues in Python code.

Credentials catching honeypot

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Web Scan Lazy Tools - Python Package

A REST API security testing framework.

Next generation web scanner

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A tool for identifying misconfigured CloudFront domains

secureCodeBox (SCB) - continuous secure delivery out of the box

Help building an adaptive and fine-grained pod security policy

A Deep Graph-based Toolbox for Fraud Detection

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

An automated target reconnaissance pipeline.

This repository created for personal use and added tools from my latest blog post.

NERVE Continuous Vulnerability Scanner

YARA malware query accelerator (web frontend)

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

IAST 灰盒扫描工具

Automated cacert.pem management for PHP projects

Kubernetes RBAC static Analysis & visualisation tool

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Attack Surface Management Platform | Sn1perSecurity LLC

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

The Staff-Manager App Server for Enterprise Token Safe BOX

PHP client for the haveibeenpwned.com API

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Stupid Simple Authentication

The Intel Homomorphic Encryption (HE) toolkit is the primordial vehicle for the continuous distribution of the Intel HE technological innovation to users. The toolkit has been designed with usability in mind and to make it easier for users to evaluate and deploy homomorphic encryption technology on the Intel platforms.

Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol

Search for Unix binaries that can be exploited to bypass system security restrictions.

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

Security tool to quickly audit Public Box files and folders.

RPL attacks framework for simulating WSN with a malicious mote based on Contiki

EnvKey's official Go client library

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

A logging DNS and HTTP(S) server. Opensource alternative to some parts of the Burpsuite Collaborator server.

sedcli and libsed library for NVMe Self-Encrypting Drives (SEDs) management

Enables and use of the concept of security in your Delphi applications

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

EnvKey's official Ruby client library

Log4j Vulnerability Scanner for Windows

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Visualize network topologies and collect graph statistics based on pcap files

PKApp is used to start, stop and authorise approval flow of authorizer.