clair-cicdMaking CoreOS' Clair easily work in CI/CD pipelines
Stars: ✭ 27 (+92.86%)
BettercapDEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
Stars: ✭ 2,518 (+17885.71%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (+1135.71%)
NebulousadNebulousAD automated credential auditing tool.
Stars: ✭ 158 (+1028.57%)
YawastYAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Stars: ✭ 181 (+1192.86%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+16364.29%)
default-http-login-hunterLogin hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Stars: ✭ 285 (+1935.71%)
G ScoutGoogle Cloud Platform Security Tool
Stars: ✭ 210 (+1400%)
Mix audit🕵️♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities
Stars: ✭ 146 (+942.86%)
Edr Testing ScriptTest the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
Stars: ✭ 136 (+871.43%)
Biu FrameworkBiu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)
Stars: ✭ 183 (+1207.14%)
CrumbleMenu driven wordlist generator in C++
Stars: ✭ 19 (+35.71%)
JxnetJxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
Stars: ✭ 26 (+85.71%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (+1085.71%)
CobraSource Code Security Audit (源代码安全审计)
Stars: ✭ 2,802 (+19914.29%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+1057.14%)
BlowholeDocker auditing and enumeration script.
Stars: ✭ 21 (+50%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (+971.43%)
Sec Admin分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描)
Stars: ✭ 222 (+1485.71%)
Sqlite LabThis code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Stars: ✭ 140 (+900%)
Bundler AuditPatch-level verification for Bundler
Stars: ✭ 2,393 (+16992.86%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+12928.57%)
Find Sec BugsThe SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (+12385.71%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+1235.71%)
sregistry-cliSingularity Global Client for container management
Stars: ✭ 13 (-7.14%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+1200%)
pip-auditAudits Python environments and dependency trees for known vulnerabilities
Stars: ✭ 735 (+5150%)
Nndefacctsnnposter's alternate fingerprint dataset for Nmap script http-default-accounts
Stars: ✭ 180 (+1185.71%)
prowlerProwler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+57371.43%)
AnteaterAnteater - CI/CD Gate Check Framework
Stars: ✭ 174 (+1142.86%)
nerfballWant to see how something like Internet Chemotherapy works without bricking your own vms? This is a jail to reduce the python runtime from doing bad things on the host when running untrusted code. Nerf what you do not need 👾 + 🐛 ⚽ 🏈 🐳
Stars: ✭ 19 (+35.71%)
RspetRSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Stars: ✭ 251 (+1692.86%)
DirsearchA Go implementation of dirsearch.
Stars: ✭ 164 (+1071.43%)
LogESPOpen Source SIEM (Security Information and Event Management system).
Stars: ✭ 162 (+1057.14%)
Striptlsproxy poc implementation of STARTTLS stripping attacks
Stars: ✭ 163 (+1064.29%)
FilewatcherA simple auditing utility for macOS
Stars: ✭ 233 (+1564.29%)
HardentheworldHarden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
Stars: ✭ 158 (+1028.57%)
rubysecRubySec Field Guide
Stars: ✭ 41 (+192.86%)
Git ScannerA tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Stars: ✭ 157 (+1021.43%)
KubestrikerA Blazing fast Security Auditing tool for Kubernetes
Stars: ✭ 213 (+1421.43%)
LibdiffuzzCustom memory allocator that helps discover reads from uninitialized memory
Stars: ✭ 147 (+950%)
burp-aem-scannerBurp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
Stars: ✭ 60 (+328.57%)
Gcp AuditA tool for auditing security properties of GCP projects.
Stars: ✭ 140 (+900%)
Roslyn Security GuardRoslyn analyzers that aim to help security audit on .NET applications.
Stars: ✭ 214 (+1428.57%)
cliThe universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.
Stars: ✭ 811 (+5692.86%)
WhispersIdentify hardcoded secrets and dangerous behaviours
Stars: ✭ 66 (+371.43%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+13671.43%)
dep-scanFully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+2371.43%)
ReplicaGhidra Analysis Enhancer 🐉
Stars: ✭ 194 (+1285.71%)
Industrial-Security-Auditing-FrameworkISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.
Stars: ✭ 43 (+207.14%)
SharePoint-SecurityA Github Repository Created to compliment a BSides Canberra 2018 talk on SharePoint Security.
Stars: ✭ 42 (+200%)
vilicusVilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Stars: ✭ 82 (+485.71%)