977 Open source projects that are alternatives of or similar to Amdh

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

memory search and patch tool on debuggable apk without root & ndk

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Android library to reveal or obfuscate strings and assets at runtime

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Awesome Java Security Resources 🕶☕🔐

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Awesome .NET Security Resources

Radare2 and Frida better together.

Security scanner coordinator

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Performing security tests inside your CI

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Hardening Ubuntu. Systemd edition.

Scanning APK file for URIs, endpoints & secrets.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

WEB SERVICE SECURITY ASSESSMENT TOOL

Kubernetes RBAC static Analysis & visualisation tool

a javascript static security analysis tool

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Awesome Golang Security resources 🕶🔐

Awesome Python Security resources 🕶🐍🔐

Telling tales on you for leaking secrets!

Ansible role to apply a security baseline. Systemd edition.

Golang security checker

A static analysis security vulnerability scanner for Ruby on Rails applications

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Collection of scripts and Lambda functions used for maintaining AWS resources

Secure, human-friendly, cross-platform secrets and config.

This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).

YobiChain is your very own private blockchain ecosystem preloaded with database, web & FTP servers and D.A.V.E. (Data Authentication & Verification Engine) and S.A.M. (Smart Asset Management).

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Various code metrics for Python code

Tools to automate and/or expedite response.

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

Backup And Restore Ceph for Proxmox VE

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.

A set of recipes useful in pentesting and red teaming scenarios

PoC tool to demonstrate vulnerabilities in wireless input devices

Open Repository for the Open Security and Privacy Reference Architecture

A repository of sysmon configuration modules

Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters

🍿 The perfect Checklist Website for meticulous developers.

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

This chef cookbook provides windows hardening configurations for the DevSec Windows baseline profile.

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Explore Indicators of Compromise Automatically

🥞 The sweeter pytest snapshot plugin

🦊 & 🧅 hardening

Babel plugin that statically extracts i18next and react-i18next translation keys.

A library to check for compromised passwords

node bindings for the v8 profiler

🐞 Primitive Erlang Security Tool