107 Open source projects that are alternatives of or similar to edge

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

A simple Java command-line utility to mirror the entire contents of VulnDB.

Gorsair hacks its way into remote docker containers that expose their APIs

A workshop on Packet Crafting using Scapy.

Index of websites publishing bugs along the lines of heartbleed.com

Oversecured Vulnerable iOS App

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

A signed hash chain implementation for zero-trust data management.

Stealthy backdoor for Windows operating systems

🎯 RFI/LFI Payload List

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Undetectable Windows Payload Generation

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Utilities for Sysmon

Integrates OWASP Zed Attack Proxy reports into SonarQube

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

This is the network diagrams, configuration guides, and hardware used for my home lab.

Some good resources for getting started with application security

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Scout - a Contactless Active Reconnaissance Tool

Hawkeye filesystem analysis tool

Oversecured Vulnerable Android App

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Operational Security utility and automator.

Sample scan files for testing DefectDojo imports

A TCP SYN flood client written in Rust, powered by libpnet

OWASP Zed Attack Proxy project landing page.

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

A cleanroom implementation of TLS 1.3

Embedded AppSec Best Practices

Idiomatic nmap library for go developers

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Sysmon configuration file template with default high-quality event tracing

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

This repository contains links to awesome security articles.

IoT device indexer and search engine.

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Git All the Payloads! A collection of web attack payloads.

fast, extensible, versatile event router for Suricata's EVE-JSON format

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Additional Resources For Securing The Stack Tutorials

The OWASP ZAP Heads Up Display (HUD)

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

This project is about creating and publishing threat model examples.

Cameradar hacks its way into RTSP videosurveillance cameras

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

In progress rough solutions to bWAPP / bee-box

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Open-source framework to detect outliers in Elasticsearch events

Documentation for Essential Node.js Security

A compilation of network scanning strategies to find vulnerable devices

Serverless, Zero-Trust SSH for Microsoft Azure

OWASP Code Review Guide Web Repository