1087 Open source projects that are alternatives of or similar to ad-privileged-audit

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Timeline of Active Directory changes with replication metadata

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Monitoring GitHub for sensitive data shared publicly

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Open Source SIEM (Security Information and Event Management system).

A collection of awesome security hardening guides, tools and other resources

This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Educational, CTF-styled labs for individuals interested in Memory Forensics

You didn't think I'd go and leave the blue team out, right?

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

A curated list of security resources for a Ruby on Rails application

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

A humble, and fast, security-oriented HTTP headers analyzer

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

Directory Services Internals (DSInternals) PowerShell Module and Framework

Purple Team Exercise Framework

Security Knowledge Framework (SKF) Python Flask / Angular project

network reconnaissance toolkit

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

Scripts to gather system configuration information for offline/remote auditing

Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.

A repository of tools for pentesting of restricted and isolated environments.

A Go implementation of dirsearch.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

Simple Golang HTTPS/TLS Examples

Wordpress Vulnerability Scanner

Python 3 Script to parse out iTunes backups

Live system forensic collector

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

No description or website provided.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Minimalistic DNS logging tool

💀 A bash hacking and scanning framework.

The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Want to see how something like Internet Chemotherapy works without bricking your own vms? This is a jail to reduce the python runtime from doing bad things on the host when running untrusted code. Nerf what you do not need 👾 + 🐛 ⚽ 🏈 🐳

Carve file metadata from NTFS index ($I30) attributes

Docker auditing and enumeration script.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices