177 Open source projects that are alternatives of or similar to Chopchop

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Centralize Vulnerability Assessment and Management for DevSecOps Team

XCTR Hacking Tools

Penetration test Achieve Knowledge Unite Rapid Interface

This repository contains information about DevSecOps and how to get involved in this community effort.

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

SCAP Scanner And Tailoring Graphical User Interface

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

🔱 Collection and Roadmap for everyone who wants DevSecOps.

Kubernetes Common Configuration Scoring System

Large-scale server monitoring application written in Golang

Python3 library and command line for GreyNoise

This repository is providing source codes of Tango projects I created.

Nmap custom probes for better detecting SAP services

The Secure Coding Framework

🔥Open source RASP solution

All-in-one tool for managing vulnerability reports from AppSec pipelines

Sane command-line scan-to-pdf script on Linux with OCR and deskew support

Burp Suite extension to passively scan for applications revealing server error messages

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Scan Kubernetes resource files , and helm charts for security configurations issues and best practices.

🔐 Docker Container for Penetration Testing & Security

Assembly scanning and decoration extensions for Microsoft.Extensions.DependencyInjection

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

🛡️ Make your web services secure by default !

Multithreaded monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools with support for Acunetix

Identify hardcoded secrets and dangerous behaviours

RTAB-Map library and standalone application

Agile Threat Modeling Toolkit

An android app that scans Bluetooth and WiFi for FIND3

Curating the best DevSecOps resources and tooling.

Library used to deskew a scanned document

Benchmarking repo for secrets scanning

Awesome Fingerprint Identify for react-native (android only)

Security scanner for your Terraform code

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Scientific analysis of nanoscale materials imaging data

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)

The DevSecOps toolset for REST APIs

Affordable WiFi hacking platform for testing and learning

Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

nodejsscan is a static security code scanner for Node.js applications.

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

Burp extension to passively scan for applications revealing software version numbers

online port scan scraper

Anteater - CI/CD Gate Check Framework

Awesome DevSecOps на русском языке

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.