1707 Open source projects that are alternatives of or similar to Brakeman

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Open-Source Security Architecture | 开源安全架构

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Making CoreOS' Clair easily work in CI/CD pipelines

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

Performing security tests inside your CI

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

WEB SERVICE SECURITY ASSESSMENT TOOL

RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

Misc. Public Reports of Penetration Testing and Security Audits.

InQL - A Burp Extension for GraphQL Security Testing

A vulnerable version of Rails that follows the OWASP Top 10

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Kubernetes RBAC static Analysis & visualisation tool

Exploit Pack -The next generation exploit framework

Web-based Source Code Vulnerability Scanner

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

SSL and TLS protocol test suite and fuzzer

Find interesting and potentially hazardous commits in git projects

Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

Python source code auditing and static analysis on a large scale

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Web Scan Lazy Tools - Python Package

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Web application vulnerability scanner

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Awesome Java Security Resources 🕶☕🔐

Automatic SQL injection with Charles and sqlmap api

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Awesome .NET Security Resources

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

syzkaller is an unsupervised coverage-guided kernel fuzzer

Tracking CVEs for the linux Kernel

A vulnerability scanner for container images and filesystems

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

一键提取安卓应用中可能存在的敏感信息。

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

a tool to analyze filesystem images for security

Security advisory database for Rust crates published through crates.io

Identify vulnerabilities in running containers, images, hosts and repositories

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

hacker, ready for more of our story ! 🚀

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Security scanner coordinator

Golang security checker

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem