Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for security tools
security-tools
x
1,760 search results found
Npq
⭐
811
🎖safely* install packages with npm or yarn by auditing them as part of your install process
Fido
⭐
805
Electriceye
⭐
794
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
Pompem
⭐
794
Find exploit tool
Golang Tls
⭐
788
Simple Golang HTTPS/TLS Examples
Web Cache Vulnerability Scanner
⭐
756
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Spoofcheck
⭐
755
Simple script that checks a domain for email protections
Microsoftwontfixlist
⭐
753
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Grapefruit
⭐
747
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Kube Scan
⭐
734
kube-scan: Octarine k8s cluster risk assessment tool
Threatingestor
⭐
730
Extract and aggregate threat intelligence.
Ethical Hacking Labs
⭐
726
Practical Ethical Hacking Labs 🗡🛡
Skyark
⭐
725
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Psudohash
⭐
724
Generates millions of keyword-based password mutations in seconds.
Salus
⭐
714
Security scanner coordinator
Ossa
⭐
711
Open-Source Security Architecture | 开源安全架构
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Witnessme
⭐
696
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Blackmamba
⭐
688
C2/post-exploitation framework
Scilla
⭐
682
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Chain Bench
⭐
674
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Betterscan Ce
⭐
673
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Dep Scan
⭐
673
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Reverse Ssh
⭐
672
Statically-linked ssh server with reverse shell functionality for CTFs and such
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Monkey365
⭐
665
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
Vampi
⭐
659
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
Scant3r
⭐
657
ScanT3r - Module based Bug Bounty Automation Tool
Rhizobia_j
⭐
650
JAVA安全SDK及编码规范
Fireelf
⭐
637
fireELF - Fileless Linux Malware Framework
Autopwn Suite
⭐
636
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
Krane
⭐
633
Kubernetes RBAC static analysis & visualisation tool
Saferwall
⭐
632
☁️ Collaborative Malware Analysis Platform at Scale
Datasurgeon
⭐
630
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers and a lot More From Text
Hashview Old
⭐
630
A web front-end for password cracking and analytics
Zeuscloud
⭐
628
Open Source Cloud Security
Articles Translator
⭐
621
📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Lme
⭐
616
Logging Made Easy (LME) is a free and open logging and protective monitoring solution serving all organizations.
Packetwhisper
⭐
609
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
O365spray
⭐
604
Username enumeration and password spraying tool aimed at Microsoft O365.
Ronin
⭐
600
Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories.
Patrowlmanager
⭐
598
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Ethereum Lists
⭐
597
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
Apkhunt
⭐
580
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
Aiodnsbrute
⭐
579
Python 3.5+ DNS asynchronous brute force utility
Opensquat
⭐
576
The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis.
Packj
⭐
573
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Mxtract
⭐
573
mXtract - Memory Extractor & Analyzer
Race The Web
⭐
569
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Llm Guard
⭐
567
The Security Toolkit for LLM Interactions
Jok3r
⭐
564
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Openappsec
⭐
557
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Huskyci
⭐
557
Performing security tests inside your CI
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Kubehound
⭐
552
Kubernetes Attack Graph
Hellraiser
⭐
551
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Cargo Auditable
⭐
539
Make production Rust binaries auditable
Resolvers
⭐
536
The most exhaustive list of reliable DNS resolvers.
Haiti
⭐
532
🔑 Hash type identifier (CLI & lib)
Smart Contract Auditor Tools And Techniques
⭐
532
This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts
Jsprime
⭐
529
a javascript static security analysis tool
0xsp Mongoose
⭐
529
a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Tracy
⭐
526
A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Mysql_fake_server
⭐
526
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
Envizon
⭐
519
network visualization & pentest reporting
Tripwire Open Source
⭐
518
Open Source Tripwire®
Tokenuniverse
⭐
518
An advanced tool for working with access tokens and Windows security policy.
Api Firewall
⭐
515
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
Steady
⭐
514
Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Android Disassembler
⭐
504
Disassemble ANY files including .so (NDK, JNI), Windows PE(EXE, DLL, SYS, etc), linux binaries, libraries, and any other files such as pictures, audios, etc(for fun)files on Android. Capstone-based disassembler application on android. 안드로이드 NDK 공유 라이브러리, Windows 바이너리, etc,... 리버싱 앱
Above
⭐
502
Invisible network protocol sniffer
Kubesploit
⭐
501
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Kubestriker
⭐
500
A Blazing fast Security Auditing tool for Kubernetes
Crlfsuite
⭐
499
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Rustbuster
⭐
493
A Comprehensive Web Fuzzer and Content Discovery Tool
Darkangel
⭐
492
DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL
Yasuo
⭐
491
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Adhrit
⭐
484
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Burpa
⭐
482
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Flutter Spy
⭐
480
Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
Offensivedlr
⭐
477
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
Fuzzable
⭐
475
Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.
Raven Storm
⭐
475
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Raven
⭐
475
CI/CD Security Analyzer
Edrhunt
⭐
475
Scan installed EDRs and AVs on Windows
Fwanalyzer
⭐
475
a tool to analyze filesystem images for security
Evilscan
⭐
471
NodeJS Simple Network Scanner
Dpt Shell
⭐
468
An android Dex protects shell implementation
Rhel7 Cis
⭐
463
Ansible role for Red Hat 7 CIS Baseline
Ote
⭐
462
OSINT Template Engine
Ansible Role Hardening
⭐
462
Ansible role to apply a security baseline. Systemd edition.
Ppfuzz
⭐
460
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
Offsec Reporting
⭐
459
Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool
Sandworm Audit
⭐
455
Security & License Compliance For Your App's Dependencies 🪱
Powershellarmoury
⭐
449
A PowerShell armoury for security guys and girls
Chronicle
⭐
449
Public append-only ledger microservice built with Slim Framework
Spidersuite
⭐
447
Advance web spider/crawler for cyber security professionals
Vulnerablecode
⭐
447
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Catsniffer
⭐
446
CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and an RP2040 for V3 or a Microchip SAMD21E17 for V2
Related Searches
Python Security Tools (592)
201-300 of 1,760 search results
< Previous
Next >
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.