616 Open source projects that are alternatives of or similar to introspector

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.

Pre-configured response & remediation playbooks for AWS Security Hub

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Agile Threat Modeling Toolkit

🛡️ Awesome Cloud Security Resources ⚔️

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Ansible role for Red Hat 8 STIG Baseline

AWSXenos will list all the trust relationships in all the IAM roles and S3 buckets

🔐 Docker Container for Penetration Testing & Security

Identity & Access Management simplified and secure.

Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.

A Lambda-powered Security Orchestration framework for AWS GuardDuty

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

Microsoft Sentinel SOC Operations

All-in-one tool for managing vulnerability reports from AppSec pipelines

Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

One stop solution of PaaS platform based on DevSecOps --- Based on SpringCloud/Docker/k8s/ServiceMesh(Istio), primary integrated modules: CMDB, Unified Continuous delivery of CI/CD (distributed compilation and deployment), IAM Certification Center, Unified monitoring center, Unified configuration center, Unified Distributed task scheduling cente…

Leaked pentesting manuals given to Conti ransomware crooks

Side-channel file transfer between independent VMs or processes executed on the same physical host.

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran.

Detect Sensitive REST API communication using Deep Neural Networks

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

基于 python 3.7 + django 2.2.3 + AdminLTE-3.0.0-beta.1 实现的资产管理系统。

No description or website provided.

all manner of wordlists

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

TIGMINT: OSINT (Open Source Intelligence) GUI software framework

A "passwordless" login experience for your AWS RDS

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems

Golang Implementation of the SCIM v2 Specification

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Ansible role for Ubuntu 2004 CIS Baseline

Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).

my extensions of itop

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

The Solutions Delivery Platform runtime pipeline framework

🖖 Fast, modern, easy-to-use network scanner

A collection of some of my scripts

🔥Authing - IDaaS/IAM solution that can Auth to web and mobile applications.

Multi source CVE/exploit parser.

DevSecOps Toolchain

Pentest: Subdomains enumeration tool for penetration testers.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Complete AWS IAM Reference

Lightweight SSH key management on AWS EC2

Notes Taken for HTB Machines & InfoSec Community.

AWS Identity and Access Management Visualizer and Anomaly Finder