3121 Open source projects that are alternatives of or similar to Insider

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Android Mobile Device Hardening

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Secure, Unified, Powerful and Extensible Rust Android Analyzer

a javascript static security analysis tool

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Golang security checker

🔎 shodansploit > v1.3.0

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Security scanner coordinator

secureCodeBox (SCB) - continuous secure delivery out of the box

Kubernetes RBAC static Analysis & visualisation tool

Web Scan Lazy Tools - Python Package

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Performing security tests inside your CI

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Web application vulnerability scanner

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

The OWASP ZAP core project

Awesome Java Security Resources 🕶☕🔐

A Machine Learning approach for classifying a file as Malicious or Legitimate

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Application and Service Fingerprinting

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

All-in-one tool for managing vulnerability reports from AppSec pipelines

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Explore Indicators of Compromise Automatically

Trigram database written in C++, suited for malware indexing

Various code metrics for Python code

A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

command-line interface for the haters of the search.maven.org UI

🐞 Primitive Erlang Security Tool

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

cfmt is a tool to wrap Go comments over a certain length to a new line.

Telling tales on you for leaking secrets!

Pacman-inspired game, for teaching testing purposes.

Awesome Golang Security resources 🕶🔐

PHP Static Analysis Tool - discover bugs in your code without running it!

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

nodejsscan is a static security code scanner for Node.js applications.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Scanning APK file for URIs, endpoints & secrets.

Automated Security Testing For REST API's

PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

Semgrep rules registry