Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+590.32%)
TrivyScanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+3367.03%)
Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+157.35%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-32.97%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-22.58%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+28.67%)
HuskyciPerforming security tests inside your CI
Stars: ✭ 398 (+42.65%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-74.19%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-28.67%)
H1domainsHackerOne "in scope" domains
Stars: ✭ 223 (-20.07%)
IsthislegitDashboard to collect, analyze, and respond to reported phishing emails.
Stars: ✭ 251 (-10.04%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-41.94%)
Apk Meditmemory search and patch tool on debuggable apk without root & ndk
Stars: ✭ 189 (-32.26%)
Honggfuzz RsFuzz your Rust code with Google-developed Honggfuzz !
Stars: ✭ 222 (-20.43%)
Zbn安全编排与自动化响应平台
Stars: ✭ 201 (-27.96%)
ShuffleShuffle: A general purpose security automation platform platform. We focus on accessibility for all.
Stars: ✭ 424 (+51.97%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+2147.31%)
KudoKubernetes Universal Declarative Operator (KUDO)
Stars: ✭ 849 (+204.3%)
Find Sec BugsThe SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (+526.52%)
TerrascanDetect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+863.08%)
TrailscraperA command-line tool to get valuable information out of AWS CloudTrail
Stars: ✭ 352 (+26.16%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+591.04%)
IntelowlIntel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+657.71%)
Zap HudThe OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (-27.96%)
Vulny Code Static AnalysisPython script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-25.81%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+1046.24%)
NebulousadNebulousAD automated credential auditing tool.
Stars: ✭ 158 (-43.37%)
LibdiffuzzCustom memory allocator that helps discover reads from uninitialized memory
Stars: ✭ 147 (-47.31%)
ContainersshContainerSSH: Launch containers on demand
Stars: ✭ 195 (-30.11%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-54.12%)
Gg Shield ActionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 248 (-11.11%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (-56.99%)
Deimosc2DeimosC2 is a Golang command and control framework for post-exploitation.
Stars: ✭ 423 (+51.61%)
assimilation-officialThis is the official main repository for the Assimilation project
Stars: ✭ 47 (-83.15%)
Rustscan🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+1770.25%)
ZaproxyThe OWASP ZAP core project
Stars: ✭ 9,078 (+3153.76%)
aws-firewall-factoryDeploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (-74.19%)
reconmapVulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-13.26%)
CheckovPrevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+1180.29%)
TfsecSecurity scanner for your Terraform code
Stars: ✭ 3,622 (+1198.21%)
Awesome DevsecopsCurating the best DevSecOps resources and tooling.
Stars: ✭ 188 (-32.62%)
MixewayHubMixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
Stars: ✭ 80 (-71.33%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (-14.7%)
secure-pipeline-advisorImprove your code security by running different security checks/validation in a simple way.
Stars: ✭ 25 (-91.04%)
OperatorsCollection of Kubernetes Operators built with KUDO.
Stars: ✭ 175 (-37.28%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-87.1%)
dependency-track-maven-pluginMaven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Stars: ✭ 28 (-89.96%)
mobsf-ciAll that is required to run MobSF in the ci
Stars: ✭ 37 (-86.74%)
SoteriaPlugin to block compilation when unapproved dependencies are used or code styling does not comply.
Stars: ✭ 36 (-87.1%)
secureCodeBox-v2This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Stars: ✭ 23 (-91.76%)
django-security-checkHelps you continuously monitor and fix common security vulnerabilities in your Django application.
Stars: ✭ 69 (-75.27%)
sicakSIde-Channel Analysis toolKit: embedded security evaluation tools
Stars: ✭ 17 (-93.91%)
MqueryYARA malware query accelerator (web frontend)
Stars: ✭ 264 (-5.38%)
ContentSecurity automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+336.92%)