186 Open source projects that are alternatives of or similar to Awesome Security Audits

Collection of the most common vulnerabilities found in iOS applications

IotShark - Monitoring and Analyzing IoT Traffic

This Repository contains the stuff related to windows Active directory environment exploitation

Find leaked secrets via github search

Security tool to trace URL's jumps across the rel links to obtain the last URL

A repository of tools for pentesting of restricted and isolated environments.

🐞 Primitive Erlang Security Tool

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Audit Windows Security with best Practice

VOIP Security Audit Framework

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Wordpress Vulnerability Scanner

Unit testing framework for test driven security of AWS, GCP, Heroku and more.

Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Automated NoSQL database enumeration and web application exploitation tool.

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

A Go implementation of dirsearch.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Set of tools to audit SIP based VoIP Systems

Linux命令转发记录

Custom memory allocator that helps discover reads from uninitialized memory

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Kubernetes Common Configuration Scoring System

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

Simple Golang HTTPS/TLS Examples

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

Cloud Security Posture Management (CSPM)

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

This ansible role gets information from an AWS VPC and generate a graphical representation of security groups

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

A simple tool for interacting with OWASP ZAP from the commandline.

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments

NebulousAD automated credential auditing tool.

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

All-in-one tool for managing vulnerability reports from AppSec pipelines

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

A command line security audit tool for Amazon Web Services

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

🎯 Server Side Template Injection Payloads

Scripts to gather system configuration information for offline/remote auditing

Send encrypted PGP messages with one click

pentest framework

Advanced vulnerability scanning with Nmap NSE

A Python SDK for Tufin Orchestration Suite

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

🕵️‍♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

Anteater - CI/CD Gate Check Framework

Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.

proxy poc implementation of STARTTLS stripping attacks

A tool for auditing security properties of GCP projects.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…