Awesome Open Source

Programming Languages

Search results for security tools

security-tools x

1,760 search results found

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Electriceye ⭐ 794

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Find exploit tool

Golang Tls ⭐ 788

Simple Golang HTTPS/TLS Examples

Web Cache Vulnerability Scanner ⭐ 756

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Spoofcheck ⭐ 755

Simple script that checks a domain for email protections

Microsoftwontfixlist ⭐ 753

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Grapefruit ⭐ 747

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Leaky Paths ⭐ 746

A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Kube Scan ⭐ 734

kube-scan: Octarine k8s cluster risk assessment tool

Threatingestor ⭐ 730

Extract and aggregate threat intelligence.

Ethical Hacking Labs ⭐ 726

Practical Ethical Hacking Labs 🗡🛡

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Psudohash ⭐ 724

Generates millions of keyword-based password mutations in seconds.

Security scanner coordinator

Open-Source Security Architecture | 开源安全架构

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Witnessme ⭐ 696

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Blackmamba ⭐ 688

C2/post-exploitation framework

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Chain Bench ⭐ 674

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Betterscan Ce ⭐ 673

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

Dep Scan ⭐ 673

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

Reverse Ssh ⭐ 672

Statically-linked ssh server with reverse shell functionality for CTFs and such

Securecodebox ⭐ 667

secureCodeBox (SCB) - continuous secure delivery out of the box

Monkey365 ⭐ 665

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Scant3r ⭐ 657

ScanT3r - Module based Bug Bounty Automation Tool

Rhizobia_j ⭐ 650

JAVA安全SDK及编码规范

Fireelf ⭐ 637

fireELF - Fileless Linux Malware Framework

Autopwn Suite ⭐ 636

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Kubernetes RBAC static analysis & visualisation tool

Saferwall ⭐ 632

☁️ Collaborative Malware Analysis Platform at Scale

Datasurgeon ⭐ 630

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers and a lot More From Text

Hashview Old ⭐ 630

A web front-end for password cracking and analytics

Zeuscloud ⭐ 628

Open Source Cloud Security

Articles Translator ⭐ 621

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Logging Made Easy (LME) is a free and open logging and protective monitoring solution serving all organizations.

Packetwhisper ⭐ 609

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

O365spray ⭐ 604

Username enumeration and password spraying tool aimed at Microsoft O365.

Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories.

Patrowlmanager ⭐ 598

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Ethereum Lists ⭐ 597

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

Apkhunt ⭐ 580

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Aiodnsbrute ⭐ 579

Python 3.5+ DNS asynchronous brute force utility

Opensquat ⭐ 576

The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis.

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Mxtract ⭐ 573

mXtract - Memory Extractor & Analyzer

Race The Web ⭐ 569

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Llm Guard ⭐ 567

The Security Toolkit for LLM Interactions

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Openappsec ⭐ 557

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Huskyci ⭐ 557

Performing security tests inside your CI

Impost3r ⭐ 556

👻Impost3r -- A linux password thief

Kubehound ⭐ 552

Kubernetes Attack Graph

Hellraiser ⭐ 551

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Cargo Auditable ⭐ 539

Make production Rust binaries auditable

Resolvers ⭐ 536

The most exhaustive list of reliable DNS resolvers.

🔑 Hash type identifier (CLI & lib)

Smart Contract Auditor Tools And Techniques ⭐ 532

This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts

Jsprime ⭐ 529

a javascript static security analysis tool

0xsp Mongoose ⭐ 529

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Mysql_fake_server ⭐ 526

MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize

Envizon ⭐ 519

network visualization & pentest reporting

Tripwire Open Source ⭐ 518

Open Source Tripwire®

Tokenuniverse ⭐ 518

An advanced tool for working with access tokens and Windows security policy.

Api Firewall ⭐ 515

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Android Disassembler ⭐ 504

Disassemble ANY files including .so (NDK, JNI), Windows PE(EXE, DLL, SYS, etc), linux binaries, libraries, and any other files such as pictures, audios, etc(for fun)files on Android. Capstone-based disassembler application on android. 안드로이드 NDK 공유 라이브러리, Windows 바이너리, etc,... 리버싱 앱

Invisible network protocol sniffer

Kubesploit ⭐ 501

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

Kubestriker ⭐ 500

A Blazing fast Security Auditing tool for Kubernetes

Crlfsuite ⭐ 499

The most powerful CRLF injection (HTTP Response Splitting) scanner.

Rustbuster ⭐ 493

A Comprehensive Web Fuzzer and Content Discovery Tool

Darkangel ⭐ 492

DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Flutter Spy ⭐ 480

Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.

Offensivedlr ⭐ 477

Toolbox containing research notes & PoC code for weaponizing .NET's DLR

Fuzzable ⭐ 475

Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.

Raven Storm ⭐ 475

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

CI/CD Security Analyzer

Edrhunt ⭐ 475

Scan installed EDRs and AVs on Windows

Fwanalyzer ⭐ 475

a tool to analyze filesystem images for security

Evilscan ⭐ 471

NodeJS Simple Network Scanner

Dpt Shell ⭐ 468

An android Dex protects shell implementation

Rhel7 Cis ⭐ 463

Ansible role for Red Hat 7 CIS Baseline

OSINT Template Engine

Ansible Role Hardening ⭐ 462

Ansible role to apply a security baseline. Systemd edition.

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

Offsec Reporting ⭐ 459

Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool

Sandworm Audit ⭐ 455

Security & License Compliance For Your App's Dependencies 🪱

Powershellarmoury ⭐ 449

A PowerShell armoury for security guys and girls

Chronicle ⭐ 449

Public append-only ledger microservice built with Slim Framework

Spidersuite ⭐ 447

Advance web spider/crawler for cyber security professionals

Vulnerablecode ⭐ 447

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Catsniffer ⭐ 446

CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and an RP2040 for V3 or a Microchip SAMD21E17 for V2

Related Searches

Python Security Tools (592)

201-300 of 1,760 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.