592 Open source projects that are alternatives of or similar to dep-scan

Simple and scalable Linux tools for verifying TPM-based remote attestations 🔬⚖️🔐⛓📏📜

A FAST Kubernetes manifests validator, with support for Custom Resources!

Security advisory database for Rust crates published through crates.io

The base SIMP build repository

Original Automated CVE Checking Tool

Different utility scripts for pentesting and hacking.

Vulnerability (CVE) scanner for Nix/NixOS.

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Container Snitch checks running processes under the Docker Engine and alerts if any are found to be running as root

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

Ultimate DevSecOps library

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Misc. Public Reports of Penetration Testing and Security Audits.

cve-search - a tool to perform local searches for known vulnerabilities

A command line security audit tool for Amazon Web Services

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Collection of Data Processing Agreement (DPA) and GDPR compliance resources

a tool to analyze filesystem images for security

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

PatrowlHears - Vulnerability Intelligence Center / Exploits

Find secrets on any machine from over 120 Different Signatures.

A social experiment

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

The PHP Security Checker

A web spider for shodan.io without using the Developer API.

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Scripts to gather system configuration information for offline/remote auditing

Writeup of CVE-2020-15906

⚡️ Docker official image for Wallarm Node. API security platform agent.

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

NebulousAD automated credential auditing tool.

Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

SIAC is an enterprise SIEM built on open-source technology.

PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers

pentest framework

ES File Explorer Open Port Vulnerability - CVE-2019-6447

A curated list of security resources for a Ruby on Rails application

A collection of curated Java Deserialization Exploits

FedRAMP Tailored.

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

A humble, and fast, security-oriented HTTP headers analyzer

WebMap-Nmap Web Dashboard and Reporting

A Python SDK for Tufin Orchestration Suite

BootStomp: a bootloader vulnerability finder

Provides various Windows Server Active Directory (AD) security-focused reports.

🎯 Server Side Template Injection Payloads

Network Configuration and Compliance Management

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

一键提取安卓应用中可能存在的敏感信息。

cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Wazuh - Project documentation

Python source code auditing and static analysis on a large scale

CLI to interact with Kondukto

GitGuardian Shield GitHub Action - Find exposed credentials in your commits