5224 Open source projects that are alternatives of or similar to Vulny Code Static Analysis

Performing security tests inside your CI

Security scanner coordinator

Open-Source Security Architecture | 开源安全架构

Secure, Unified, Powerful and Extensible Rust Android Analyzer

WEB SERVICE SECURITY ASSESSMENT TOOL

Kubernetes RBAC static Analysis & visualisation tool

A static analysis security vulnerability scanner for Ruby on Rails applications

🆕 The Multi-Tool Web Vulnerability Scanner.

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

a javascript static security analysis tool

Enumeration sub domains(枚举子域名)

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Golang安全资源合集

A default credential scanner.

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

A Machine Learning approach for classifying a file as Malicious or Legitimate

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

The OWASP ZAP core project

Find known vulnerabilities in your dependencies

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

Application and Service Fingerprinting

Android Mobile Device Hardening

Telling tales on you for leaking secrets!

Awesome Python Security resources 🕶🐍🔐

Simple Golang HTTPS/TLS Examples

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

InQL - A Burp Extension for GraphQL Security Testing

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

The Swiss Army knife for automated Web Application Testing

Vulnerability Static Analysis for Containers

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

🐞 Primitive Erlang Security Tool

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

Extension for PHPStan to allow analysis of Drupal code.

kube-scan: Octarine k8s cluster risk assessment tool

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Command line tool to validate configuration files

Standalone linter for ABAP

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A curated list of vulnerable web applications.

Automated NoSQL database enumeration and web application exploitation tool.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

nodejsscan is a static security code scanner for Node.js applications.

Semgrep rules registry

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Some of the best web shells that you might need!

Validation of best practices in your Kubernetes clusters

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈