Awesome Open Source

Programming Languages

Search results for security audit

security-audit x

394 search results found

Lynis ⭐ 12,150

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Vuls ⭐ 10,487

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Prowler ⭐ 9,547

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

Wazuh ⭐ 8,176

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Scanners Box ⭐ 7,972

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Ecapture ⭐ 7,730

Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/Aarch64.

Brakeman ⭐ 6,840

A static analysis security vulnerability scanner for Ruby on Rails applications

Dependencycheck ⭐ 5,870

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Osv Scanner ⭐ 5,632

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Faraday ⭐ 4,422

Open Source Vulnerability Management Platform

Dynamic java method AOP hook for Android(continution of Dexposed on ART), Supporting 5.0~11

Arachni ⭐ 3,632

Web Application Security Scanner Framework

Gda Android Reversing Tool ⭐ 3,519

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

Cloudsploit ⭐ 3,155

Cloud Security Posture Management (CSPM)

Cobra ⭐ 3,111

Source Code Security Audit (源代码安全审计)

Vulscan ⭐ 2,983

Advanced vulnerability scanning with Nmap NSE

Xunfeng ⭐ 2,946

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Nosqlmap ⭐ 2,728

Automated NoSQL database enumeration and web application exploitation tool.

Bundler Audit ⭐ 2,625

Patch-level verification for Bundler

Github Dorks ⭐ 2,546

Find leaked secrets via github search

Dockle ⭐ 2,534

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Gscan ⭐ 2,497

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化

Find Sec Bugs ⭐ 2,160

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Reconnoitre ⭐ 2,053

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Owasp Masvs ⭐ 1,938

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Little Rat ⭐ 1,842

🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls

Pwndoc ⭐ 1,827

Pentest Report Generator

Sn0int ⭐ 1,749

Semi-automatic OSINT framework and package manager

Diamorphine ⭐ 1,639

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Bearer ⭐ 1,554

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Dsinternals ⭐ 1,476

Directory Services Internals (DSInternals) PowerShell Module and Framework

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Secure Ios App Dev ⭐ 1,338

Collection of the most common vulnerabilities found in iOS applications

Rails Security Checklist ⭐ 1,305

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Cybersecurity Evaluation Tool

Graudit ⭐ 1,182

grep rough audit - source code auditing tool

Ssh Mitm ⭐ 1,176

SSH-MITM - ssh audits made simple

Pythem ⭐ 1,172

pentest framework

Repo Security Scanner ⭐ 1,132

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

Cs Suite ⭐ 1,118

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Vhostscan ⭐ 1,114

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Sysreptor ⭐ 979

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

Enum4linux Ng ⭐ 896

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Pip Audit ⭐ 882

Audits Python environments and dependency trees for known vulnerabilities

Hacking Toolkit

Cansina ⭐ 852

Web Content Discovery Tool

Advisory Db ⭐ 849

Security advisory database for Rust crates published through crates.io

The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.

Wordpress Exploit Framework ⭐ 822

A Ruby framework designed to aid in the penetration testing of WordPress systems.

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Skf Flask ⭐ 794

Security Knowledge Framework (SKF) Python Flask / Angular project

Electriceye ⭐ 794

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Golang Tls ⭐ 788

Simple Golang HTTPS/TLS Examples

Nfcgate ⭐ 770

An NFC research toolkit application for Android

Web Cache Vulnerability Scanner ⭐ 756

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Smart Contract Security Audits ⭐ 745

Certified Smart Contract Audits for Ethereum, Solana, Near, Cardano, Aptos, Sui, Binance Smart Chain, Fantom, EOS, Tezos by softstack (formerly Chainsulting)

Kube Scan ⭐ 734

kube-scan: Octarine k8s cluster risk assessment tool

Dawnscanner ⭐ 714

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

Open-Source Security Architecture | 开源安全架构

Linux_kernel_cves ⭐ 691

Tracking CVEs for the linux Kernel

Gourdscanv2 ⭐ 683

被动式漏洞扫描系统

Dep Scan ⭐ 673

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

Betterscan Ce ⭐ 673

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

Objectivepgp ⭐ 644

ObjectivePGP is an open-source library for iOS and macOS that provides developers with tools for implementing OpenPGP encryption and decryption, digital signing, and signature verification in their applications, thereby enhancing security and data integrity.

Sqliscanner ⭐ 640

Automatic SQL injection with Charles and sqlmap api

Rockyou2021.txt ⭐ 636

RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

Dradis Ce ⭐ 608

Dradis Framework: Colllaboration and reporting for IT Security teams

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Smart Contract Audits ⭐ 558

Smart Contract security audit reports

Kubehound ⭐ 552

Kubernetes Attack Graph

Hellraiser ⭐ 545

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Cargo Auditable ⭐ 539

Make production Rust binaries auditable

Tlsfuzzer ⭐ 536

SSL and TLS protocol test suite and fuzzer

0xsp Mongoose ⭐ 529

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Integration of Clair and Docker Registry

Kubestriker ⭐ 500

A Blazing fast Security Auditing tool for Kubernetes

Archstrike ⭐ 487

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Django Secure ⭐ 479

This project was merged into Django 1.8, and is now unsupported and unmaintained as a third-party app.

Fwanalyzer ⭐ 475

a tool to analyze filesystem images for security

Python source code auditing and static analysis on a large scale

Ssti Payloads ⭐ 465

🎯 Server Side Template Injection Payloads

Securitymanageframwork ⭐ 421

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Badkarma ⭐ 408

network reconnaissance toolkit

Aws Cloudsaga ⭐ 406

AWS CloudSaga - Simulate security events in AWS

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Smart Contract Auditor Tools And Techniques ⭐ 384

This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts

Ehids Agent ⭐ 374

A Linux Host-based Intrusion Detection System based on eBPF.

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Web application vulnerability scanner

Set of tools to audit SIP based VoIP Systems

Dependency Check Gradle ⭐ 340

The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.

Powershellisfun ⭐ 338

Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project using the Sponsor button below

Sec Admin ⭐ 329

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

Quillaudit_reports ⭐ 312

QuillAudits Smart Contracts, deFi, NFT, tokens,Dao , Dex and DApps Audit Reports

Webapp Checklist ⭐ 302

Technical details that a programmer of a web application should consider before making the site public.

Web-based Source Code Vulnerability Scanner

Mix_audit ⭐ 291

🕵️‍♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities

Opencspm ⭐ 285

Open Cloud Security Posture Management Engine

1-100 of 394 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.