Awesome Open Source

Programming Languages

Search results for security tools

security-tools x

1,760 search results found

X64dbg ⭐ 42,376

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Trivy ⭐ 20,160

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Gitleaks ⭐ 15,221

Protect and discover secrets using Gitleaks 🔑

Trufflehog ⭐ 13,788

Find and verify credentials

Personal Security Checklist ⭐ 13,306

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2023

Rustscan ⭐ 12,153

🤖 The Modern Port Scanner 🤖

Lynis ⭐ 12,150

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Zaproxy ⭐ 11,661

The ZAP core project

Spiderfoot ⭐ 11,035

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Social Analyzer ⭐ 10,841

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Vuls ⭐ 10,487

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Scapy ⭐ 9,725

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

Fail2ban ⭐ 9,695

Daemon to ban hosts that cause multiple authentication errors

Prowler ⭐ 9,534

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

My Arsenal Of Aws Security Tools ⭐ 8,549

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Wazuh ⭐ 8,176

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Safeline ⭐ 7,795

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。

Sn1per ⭐ 7,480

Attack Surface Management Platform

Gosec ⭐ 7,276

Go security checker

Sliver ⭐ 7,152

Adversary Emulation Framework

Brakeman ⭐ 6,840

A static analysis security vulnerability scanner for Ruby on Rails applications

Web Check ⭐ 6,508

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Rengine ⭐ 6,446

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Monkey ⭐ 6,414

Infection Monkey - An open-source adversary emulation platform

Traitor ⭐ 6,329

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Awesome Hacker Search Engines ⭐ 6,307

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Bandit ⭐ 5,989

Bandit is a tool designed to find common security issues in Python code.

Certificates ⭐ 5,887

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Gather and update all available and newest CVEs with their PoC.

Osv Scanner ⭐ 5,632

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Reconftw ⭐ 5,204

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Linux Exploit Suggester ⭐ 5,139

Linux privilege escalation auditing tool

Whatweb ⭐ 5,096

Next generation web scanner

Osmedeus ⭐ 5,076

A Workflow Engine for Offensive Security

Syzkaller ⭐ 5,008

syzkaller is an unsupervised coverage-guided kernel fuzzer

Scan4all ⭐ 4,909

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Autosploit ⭐ 4,858

Automated Mass Exploiter

1earn ⭐ 4,841

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Awesome Security Hardening ⭐ 4,670

A collection of awesome security hardening guides, tools and other resources

Modlishka ⭐ 4,670

Modlishka. Reverse Proxy.

Awesome Shodan Queries ⭐ 4,597

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Ladon ⭐ 4,564

Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SM

Cheatsheet God ⭐ 4,540

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Threatmapper ⭐ 4,534

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Terrascan ⭐ 4,500

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Applicationinspector ⭐ 4,152

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Spicedb ⭐ 4,131

Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications

Redteam Tools ⭐ 4,019

Tools and Techniques for Red Team / Penetration Testing

Cameradar ⭐ 3,626

Cameradar hacks its way into RTSP videosurveillance cameras

Blackhat Arsenal Tools ⭐ 3,551

Official Black Hat Arsenal Security Tools Repository

Htrace.sh ⭐ 3,514

My simple Swiss Army knife for http/https troubleshooting and profiling.

Pocsuite3 ⭐ 3,412

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Android Pin Bruteforce ⭐ 3,291

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Usbrubberducky Payloads ⭐ 3,242

The Official USB Rubber Ducky Payload Repository

Privacy.sexy ⭐ 3,241

Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy

Stegcloak ⭐ 3,158

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

A recursive internet scanner for hackers.

Cobra ⭐ 3,111

Source Code Security Audit (源代码安全审计)

Intelowl ⭐ 3,108

IntelOwl: manage your Threat Intelligence at scale

Consoleme ⭐ 3,025

A Central Control Plane for AWS Permissions and Access

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Nettacker ⭐ 2,915

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Secretscanner ⭐ 2,900

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

Chipsec ⭐ 2,771

Platform Security Assessment Framework

Nosqlmap ⭐ 2,728

Automated NoSQL database enumeration and web application exploitation tool.

Awesome Hacking ⭐ 2,716

Awesome hacking is an awesome collection of hacking tools.

Black Hat Rust ⭐ 2,662

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Pentest Tools ⭐ 2,652

A collection of custom security tools for quick needs.

Bundler Audit ⭐ 2,625

Patch-level verification for Bundler

Attacksurfaceanalyzer ⭐ 2,616

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

Securityonion ⭐ 2,589

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

Awesome Bugbounty Tools ⭐ 2,580

A curated list of various bug bounty tools

Dockle ⭐ 2,534

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Awesome Mobile Security ⭐ 2,511

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Containerssh ⭐ 2,504

ContainerSSH: Launch containers on demand

Bashbunny Payloads ⭐ 2,499

The Official Bash Bunny Payload Repository

Hyperdbg ⭐ 2,457

State-of-the-art native debugging tool

Gscan ⭐ 2,412

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化

Sysmon Modular ⭐ 2,364

A repository of sysmon configuration modules

Torbot ⭐ 2,338

Dark Web OSINT Tool

EMBA - The firmware security analyzer

Stowaway ⭐ 2,195

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Gokart ⭐ 2,141

A static analysis tool for securing Go code

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Silenttrinity ⭐ 2,087

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Easyprotector ⭐ 2,075

一行代码检测XP/调试/多开/模拟器/root

Content ⭐ 2,065

Security automation content in SCAP, Bash, Ansible, and other formats

Reconnoitre ⭐ 2,053

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Picocrypt ⭐ 2,043

A very small, very simple, yet very secure encryption tool.

Appinfoscanner ⭐ 1,975

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网

Jaeles ⭐ 1,951

The Swiss Army knife for automated Web Application Testing

Apisecuritybestpractices ⭐ 1,890

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Gitgraber ⭐ 1,870

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

W13scan ⭐ 1,851

Passive Security Scanner (被动式安全扫描器)

Packetstreamer ⭐ 1,851

⭐ ⭐ Distributed tcpdump for cloud native environments ⭐ ⭐

Dismap ⭐ 1,840

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Pwndoc ⭐ 1,827

Pentest Report Generator

Related Searches

Python Security Tools (592)

1-100 of 1,760 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.