89 Open source projects that are alternatives of or similar to sample-scan-files

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

This projects creates SHA values for locale binaries - Shazam for packages.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Another web vulnerabilities scanner, this extension works on Chrome and Opera

An application to assist in the organization and prioritization of software security activities.

Automatic Service Enumeration Script

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

This project is about creating and publishing threat model examples.

Integrates Dependency-Check reports into SonarQube

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

A PHP version scanner for reporting possible vulnerabilities

All-in-one tool for managing vulnerability reports from AppSec pipelines

A simple Java command-line utility to mirror the entire contents of VulnDB.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Git All the Payloads! A collection of web attack payloads.

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

The OWASP ZAP Heads Up Display (HUD)

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Simple and extensible plugin to track task times in your Gradle Project.

Oversecured Vulnerable Android App

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Show uncommitted, untracked and unpushed changes for multiple Git repos

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

[CVPR 2021] Scan2Cap: Context-aware Dense Captioning in RGB-D Scans

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Scans your AWS cloud resources and generates reports. Check out free hosted version:

HTML5 WebSocket message fuzzer

Sqreen's Application Security Management for the Go language

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Simplified module reloader for Elixir

The OWASP ZAP core project

Oversecured Vulnerable iOS App

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

A vulnerable version of Rails that follows the OWASP Top 10

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Web path scanner

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

OWASP ZAP Add-ons

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

🎯 RFI/LFI Payload List

w3af: web application attack and audit framework, the open source web vulnerability scanner.

iOS & OSX Bluetooth library for RxSwift

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

This repository contains links to awesome security articles.

Fast and powerful SSL/TLS scanning library.

By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys.

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).