Insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy-to-implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Stars: ✭ 216 (+127.37%)
Awesome Mobile Security: An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+1833.68%)
Njsscan: njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+34.74%)
Apk Medit: memory search and patch tool on debuggable apk without root & ndk
Stars: ✭ 189 (+98.95%)
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+10649.47%)
Androidlibrary: Android library to reveal or obfuscate strings and assets at runtime
Stars: ✭ 162 (+70.53%)
Dexcalibur: [Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (+438.95%)
Security Tools: Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+435.79%)
Applicationinspector: A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+3976.84%)
Adhrit: Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (+320%)
Android Pin Bruteforce: Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
Stars: ✭ 217 (+128.42%)
R2frida: Radare2 and Frida better together.
Stars: ✭ 610 (+542.11%)
Salus: Security scanner coordinator
Stars: ✭ 441 (+364.21%)
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+4701.05%)
Huskyci: Performing security tests inside your CI
Stars: ✭ 398 (+318.95%)
Content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+1183.16%)
Hardening: Hardening Ubuntu. Systemd edition.
Stars: ✭ 705 (+642.11%)
Apkleaks: Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+2749.47%)
Vulny Code Static Analysis: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (+117.89%)
Wssat: WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (+278.95%)
Krane: Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (+167.37%)
Jsprime: a javascript static security analysis tool
Stars: ✭ 556 (+485.26%)
Terraform Aws Secure Baseline: Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (+527.37%)
Squealer: Telling tales on you for leaking secrets!
Stars: ✭ 97 (+2.11%)
Gosec: Golang security checker
Stars: ✭ 5,694 (+5893.68%)
Brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+6511.58%)
Lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+9517.89%)
Aws Maintenance: Collection of scripts and Lambda functions used for maintaining AWS resources
Stars: ✭ 75 (-21.05%)
Envkey App: Secure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-12.63%)
Yobichain: YobiChain is your very own private blockchain ecosystem preloaded with database, web & FTP servers and D.A.V.E. (Data Authentication & Verification Engine) and S.A.M. (Smart Asset Management).
Stars: ✭ 91 (-4.21%)
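Vxscan: A comprehensive scanning tool written in Python 3, mainly used for liveness verification, sensitive file detection (directory scanning / API endpoints leaked in JS / leaks in HTML comments), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, POC scanning, SQL injection, CDN bypass, and looking up sites hosted on the same server. It is mainly intended for in-house self-testing or authorized third-party testing; do not use it to cause damage.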
Stars: ✭ 1,244 (+1209.47%)
Php codesniffer: PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.
Stars: ✭ 9,004 (+9377.89%)
Radon: Various code metrics for Python code
Stars: ✭ 1,193 (+1155.79%)
Anchore Engine: A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
Stars: ✭ 1,192 (+1154.74%)
Cv4pve Barc: Backup And Restore Ceph for Proxmox VE
Stars: ✭ 74 (-22.11%)
Flask Unsign: Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-5.26%)
Sea Dsa: A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.
Stars: ✭ 90 (-5.26%)
Pentesting Cookbook: A set of recipes useful in pentesting and red teaming scenarios
Stars: ✭ 82 (-13.68%)
Radio Hackbox: PoC tool to demonstrate vulnerabilities in wireless input devices
Stars: ✭ 74 (-22.11%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+1193.68%)
Nrf24 Playset: Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters
Stars: ✭ 73 (-23.16%)
Pentest Notes: Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui, dostoevsky, mantvydasb, adon90, BriskSec)
Stars: ✭ 89 (-6.32%)
Chef Windows Hardening: This chef cookbook provides windows hardening configurations for the DevSec Windows baseline profile.
Stars: ✭ 80 (-15.79%)
Kube Linter: KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
Stars: ✭ 1,177 (+1138.95%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-23.16%)
Syrupy: 🥞 The sweeter pytest snapshot plugin
Stars: ✭ 73 (-23.16%)
Ffck: 🦊 & 🧅 hardening
Stars: ✭ 72 (-24.21%)
Password Leak: A library to check for compromised passwords
Stars: ✭ 92 (-3.16%)
Pest: 🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (-16.84%)