django-security-checkHelps you continuously monitor and fix common security vulnerabilities in your Django application.
Stars: ✭ 69 (+176%)
reconmapVulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (+868%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+35276%)
SecurecodeboxsecureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+1016%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+1260%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (+44%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+1352%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+648%)
WsltoolsWeb Scan Lazy Tools - Python Package
Stars: ✭ 288 (+1052%)
xssmapIntelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (+328%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+320%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+1968%)
NetworkAlarmA tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-32%)
Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+2772%)
Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+7604%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+12692%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+1608%)
MixewayHubMixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
Stars: ✭ 80 (+220%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (+188%)
sandfly-setupSandfly Security Agentless Compromise and Intrusion Detection System For Linux
Stars: ✭ 45 (+80%)
docker-wallarm-node⚡️ Docker official image for Wallarm Node. API security platform agent.
Stars: ✭ 18 (-28%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (+764%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+2164%)
Nodejsscannodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+7396%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+1336%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (+380%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (+548%)
dirbpyThis is the new version of dirb in python
Stars: ✭ 36 (+44%)
kali-my-linuxInstall Kali Linux Tools & Others on your Linux.
Stars: ✭ 37 (+48%)
introspectorA schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (+144%)
shaniaScan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (+116%)
jawfishTool for breaking into web applications.
Stars: ✭ 84 (+236%)
RapidRepoPullThe goal of this program is to quickly pull and install repos from its list
Stars: ✭ 40 (+60%)
perimeterator'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.
Stars: ✭ 59 (+136%)
privapiDetect Sensitive REST API communication using Deep Neural Networks
Stars: ✭ 42 (+68%)
mapi-action🤖 Run a Mayhem for API scan in GitHub Actions
Stars: ✭ 16 (-36%)
prancer-compliance-testThis repository includes cloud security policies for IaC and live resources.
Stars: ✭ 32 (+28%)
workshop-devsecopsLa intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …
Stars: ✭ 14 (-44%)
JxnetJxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
Stars: ✭ 26 (+4%)
VulnogramVulnogram is a tool for creating and editing CVE information in CVE JSON format
Stars: ✭ 103 (+312%)
DongTai-agent-javaJava Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
Stars: ✭ 592 (+2268%)
default-http-login-hunterLogin hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Stars: ✭ 285 (+1040%)
lunasecLunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+4944%)
ochrona-cliA command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Stars: ✭ 46 (+84%)
tfquerytfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
Stars: ✭ 297 (+1088%)
burp-aem-scannerBurp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
Stars: ✭ 60 (+140%)
dep-scanFully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+1284%)
awesome-policy-as-codeA curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+384%)
vilicusVilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Stars: ✭ 82 (+228%)
kdtCLI to interact with Kondukto
Stars: ✭ 18 (-28%)
gitleaksProtect and discover secrets using Gitleaks 🔑
Stars: ✭ 10,520 (+41980%)
moodlescanTool for scan vulnerabilities in Moodle platforms
Stars: ✭ 54 (+116%)
cscannerAn open source, multi-cloud DevSecOps compliance checker
Stars: ✭ 19 (-24%)
aws-wafDeep Security's APIs make it simple to integration with a variety of AWS Services
Stars: ✭ 42 (+68%)
ggshield-actionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 304 (+1116%)
DevSecOpsUltimate DevSecOps library
Stars: ✭ 4,450 (+17700%)