1293 Open source projects that are alternatives of or similar to Awesome Security Hardening

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Monitoring GitHub for sensitive data shared publicly

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

You didn't think I'd go and leave the blue team out, right?

Monitoring GitLab for sensitive data shared publicly

Find cloud assets that no one wants exposed 🔎 ☁️

Provides various Windows Server Active Directory (AD) security-focused reports.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Monitoring your Slack workspaces for sensitive information

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Data leak checker & OSINT Tool

Backend logic implementation for Vulnerability Management System

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Additional Resources For Securing The Stack Tutorials

Information Security Library

🔑 Hash type identifier (CLI & lib)

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A Lambda-powered Security Orchestration framework for AWS GuardDuty

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

Collection of several DDos tools.

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Designed to be installed on a fresh install of raspbian on a raspberry pi, by combining Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, this tool allows you to detect an attacker on the network quickly by weeding out general noisy alerts with only those that matter.

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

Leaked pentesting manuals given to Conti ransomware crooks

Malware Sample Sources

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

A concise, directive, specific, flexible, and free incident response plan template

Threat Hunting queries for various attacks

A collection of some of my scripts

Kubernetes RBAC static Analysis & visualisation tool

Most usable tools for iOS penetration testing

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

🎯 XML External Entity (XXE) Injection Payload List

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

一款适用于红蓝对抗中的仿真钓鱼系统

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

An advanced tool for email reconnaissance

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.