5570 Open source projects that are alternatives of or similar to Trivy

Security scanner for your Terraform code

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Knowledge seeks no man

Pulumi - Developer-First Infrastructure as Code. Your Cloud, Your Language, Your Way 🚀

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

secureCodeBox (SCB) - continuous secure delivery out of the box

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

ContainerSSH: Launch containers on demand

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Advanced vulnerability scanning with Nmap NSE

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Find secrets and passwords in container images and file systems

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

红队综合渗透框架

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

OSS Vulnerability Scanner for Windows Platform

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

The Correlated CVE Vulnerability And Threat Intelligence Database API

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

🆕 The Multi-Tool Web Vulnerability Scanner.

NERVE Continuous Vulnerability Scanner

Advanced and easy to use penetration testing framework 💣🔎

SQL Injection Payload List

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Advanced Web Browser Fingerprinting

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

A tool for identifying misconfigured CloudFront domains

Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document

Terraform DigitalOcean provider

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

IAST 灰盒扫描工具

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Vulners Python API wrapper

Web-based Source Code Vulnerability Scanner

Open source and extensible Platform as a Service (PaaS).

DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.

Identify vulnerabilities in running containers, images, hosts and repositories

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Cloud Native Runtime Security

A vulnerability scanner for container images and filesystems

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Performing security tests inside your CI

Apache Shiro 反序列化漏洞检测与利用工具

ReactJS for your infrastructure. Create and deploy full-stack apps to any infrastructure using the power of React.

🤖 The Modern Port Scanner 🤖

hacker, ready for more of our story ! 🚀

DeimosC2 is a Golang command and control framework for post-exploitation.

hack tools