KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-38.65%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-6.04%)
CanaryCanary: Input Detection and Response
Stars: ✭ 29 (-93%)
Linux Secureboot KitTool for complete hardening of Linux boot chain with UEFI Secure Boot
Stars: ✭ 54 (-86.96%)
KarnSimplifying Seccomp enforcement in containerized or non-containerized apps
Stars: ✭ 104 (-74.88%)
ContentSecurity automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+194.44%)
Terraform Aws Secure BaselineTerraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (+43.96%)
TracyA tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Stars: ✭ 464 (+12.08%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+107%)
MarsnakeSystem Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-96.14%)
Privacy.sexyOpen-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆
Stars: ✭ 221 (-46.62%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+2036.23%)
LynisLynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+2107%)
WssatWEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (-13.04%)
HardeningHardening Ubuntu. Systemd edition.
Stars: ✭ 705 (+70.29%)
Audit scriptsScripts to gather system configuration information for offline/remote auditing
Stars: ✭ 55 (-86.71%)
ElectriceyeContinuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.
Stars: ✭ 255 (-38.41%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1001.69%)
ThreatmapperIdentify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (-12.8%)
XsserFrom XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
Stars: ✭ 381 (-7.97%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (-13.29%)
ProtectProactively protect your Node.js web services
Stars: ✭ 394 (-4.83%)
PyupA tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.
Stars: ✭ 379 (-8.45%)
Scaner扫描器是来自GitHub平台的开源扫描器的集合,包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具,如:awvs、nmap,w3af将不包含在集合范围内。
Stars: ✭ 357 (-13.77%)
UnsignRemove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
Stars: ✭ 362 (-12.56%)
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (-7.97%)
HuskyciPerforming security tests inside your CI
Stars: ✭ 398 (-3.86%)
RtaRed team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
Stars: ✭ 358 (-13.53%)
Quick SecureQuickly secure UNIX/Linux systems
Stars: ✭ 379 (-8.45%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-2.17%)
KatanaA Python Tool For google Hacking
Stars: ✭ 355 (-14.25%)
Myscanmyscan 被动扫描
Stars: ✭ 373 (-9.9%)
Lamp Cloudlamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台,其中的可配置的SaaS功能尤其闪耀, 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块,支持多业务系统并行开发, 支持多服务并行开发,可以作为后端服务的开发脚手架。代码简洁,注释齐全,架构清晰,非常适合学习和企业作为基础框架使用。
Stars: ✭ 4,125 (+896.38%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (-14.25%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+835.51%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-16.67%)
Owasp Java EncoderThe OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Stars: ✭ 343 (-17.15%)
LadongoLadon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-11.59%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-17.87%)
StriptagsAn implementation of PHP's strip_tags in Typescript.
Stars: ✭ 409 (-1.21%)
Anti Xss㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
Stars: ✭ 403 (-2.66%)
Syzkallersyzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+827.78%)
Rustscan🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+1160.39%)
Ant实时上线的 XSS 盲打平台
Stars: ✭ 340 (-17.87%)
OffensivedlrToolbox containing research notes & PoC code for weaponizing .NET's DLR
Stars: ✭ 364 (-12.08%)
Ssh Mitmssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (-19.08%)
Rhel7 CisAnsible role for Red Hat 7 CIS Baseline
Stars: ✭ 337 (-18.6%)
Race The WebTests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Stars: ✭ 385 (-7%)
Htrace.shMy simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+736.96%)
AwesomexssAwesome XSS stuff
Stars: ✭ 3,664 (+785.02%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-10.63%)