480 Open source projects that are alternatives of or similar to Tripwire Open Source

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Enumerate and disable common sources of telemetry used by AV/EDR.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

secureCodeBox (SCB) - continuous secure delivery out of the box

My simple Swiss Army knife for http/https troubleshooting and profiling.

Automated Mass Exploiter

Awesome .NET Security Resources

Performing security tests inside your CI

🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯

Golang security checker

DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

红队综合渗透框架

It a tiny tool to lock your folder without compression.

network visualization & vulnerability management/reporting

Search for Directory Traversal Vulnerabilities

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Bandit is a tool designed to find common security issues in Python code.

a tool to analyze filesystem images for security

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Web Scan Lazy Tools - Python Package

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

Next generation web scanner

Public append-only ledger microservice built with Slim Framework

一键提取安卓应用中可能存在的敏感信息。

A tool for identifying misconfigured CloudFront domains

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Help building an adaptive and fine-grained pod security policy

🤖 The Modern Port Scanner 🤖

A Deep Graph-based Toolbox for Fraud Detection

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Toolbox containing research notes & PoC code for weaponizing .NET's DLR

An automated target reconnaissance pipeline.

This repository created for personal use and added tools from my latest blog post.

Store data in a simple and secure way

NERVE Continuous Vulnerability Scanner

YARA malware query accelerator (web frontend)

Security scanner coordinator

DeimosC2 is a Golang command and control framework for post-exploitation.

Python 3.5+ DNS asynchronous brute force utility

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Golang + Beego 编写 提供开发/运维常用操作的HTTP API接口: 手机归属地查询、IP地址查询、工作日节假日判断、微信报警、钉钉报警、2步验证、密码存储、发送邮件、生成随机密码等功能

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

IAST 灰盒扫描工具

🍀 Go basic library. || Go语言基础库

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

A light-weight password manager with a focus on simplicity and security

Automated cacert.pem management for PHP projects

Kubernetes RBAC static Analysis & visualisation tool

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Drone pentesting framework console

Extract and aggregate threat intelligence.