https://github.com/Myskiv-Ivan/SecTools

List of tools for SecDevOps, vulnerability analysis, network scanning

appsec devops devsecops hacking osint pentest-tool pentesting scanner-web secdevops security security-tools vulnerability-scanners

This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.

# :telescope: OSINT:
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
* [Sherlock](https://github.com/sherlock-project/sherlock)
* [theHarvester](https://github.com/laramies/theHarvester)
* [aquatone](https://github.com/michenriksen/aquatone)
* [spiderfoot](https://github.com/smicallef/spiderfoot)
* [DNSstuff](https://www.dnsstuff.com)
* [Builtwith](https://builtwith.com/)
* [infosniper](https://www.infosniper.net/)
* [who.is](https://who.is/)
* [spyse](https://spyse.com/search/as)
* [onyphe](https://www.onyphe.io/)
* [urlscan](https://urlscan.io/)
* [scans](https://scans.io/)
* [shodan](https://www.shodan.io/)
* [censys](https://censys.io/)
* [zoomeye](https://www.zoomeye.org/)
* [R3CON1Z3R](https://github.com/abdulgaphy/r3con1z3r)

Localized search engines by country.
* [Najdi.si (Slovenia)](http://www.najdi.si/)
* [Walla (Israel)](http://www.walla.co.il/)
* [Goo (Japan)](http://www.goo.ne.jp/)
* [Naver (South Korea)](http://www.naver.com/)
* [Baidu (China)](http://www.baidu.com/)
* [Yandex (Russia)](http://www.yandex.com/)

Search for all kinds of files.
* [FileChef](https://www.filechef.com/)
* [File Search Engine](https://www.filesearch.link/)
* [SearchFiles.de](https://searchfiles.de/)
* [FileListing](https://filelisting.com/)

____
# :hammer: SecAnalysisTools:
Vulnerability Assessment and Management Systems
| Software | Category | Updated in last 6 months |
|----------------|:----------------:|:----------------:|
|[Archerysec](https://github.com/archerysec/archerysec)|Vulnerability Assessment and Management| :heavy_check_mark:|
|[DefectDojo](https://github.com/DefectDojo/django-DefectDojo)|Vulnerability Assessment and Management|:heavy_check_mark:|
|[faraday](https://github.com/infobyte/faraday)|Vulnerability Assessment and Management| :heavy_check_mark: |
|[rengine](https://github.com/yogeshojha/rengine)|Vulnerability Assessment and Management, Scanner| :heavy_check_mark: |

Vulnerability Analysis Software.
| Software | Category | Updated in last 6 months |
|----------------|:----------------:|:----------------:|
|[hydra](https://github.com/vanhauser-thc/thc-hydra)|Password-cracker| :heavy_check_mark: |
|[Vuls](https://github.com/future-architect/vuls)|Vulnerability Assessment and Management| :heavy_check_mark: |
|[Metasploit](https://github.com/rapid7/metasploit-framework)|Exploit Framework| :heavy_check_mark: |
|[MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)|Exploit Framework (for Mobile)| :heavy_check_mark: |
|[git-secret](https://github.com/sobolevn/git-secret)|Cryptography| :heavy_check_mark: |
|[truffleHog](https://github.com/dxa4481/truffleHog)|Secret finding| :x: |
|[GitLeaks](https://github.com/zricethezav/gitleaks)|Secret finding| :heavy_check_mark: |
|[RedTeamScripts](https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts)|C# scripts| :heavy_check_mark: |
|[knock](https://github.com/guelfoweb/knock)|Subdomain Enumeration| :x: |
|[SubDomainsBrute](https://github.com/lijiejie/subDomainsBrute)|Subdomain Enumeration| :heavy_check_mark: |
|[SubDomain3](https://github.com/yanxiu0614/subdomain3)|Subdomain Enumeration| :heavy_check_mark: |
|[domained](https://github.com/TypeError/domained)|Subdomain Enumeration|:heavy_check_mark: |
|[routersploit](https://github.com/threat9/routersploit)|Exploit Framework| :x: |
|[BeEF](https://github.com/beefproject/beef)|Exploit Framework| :heavy_check_mark: |

## SAST:
| Software | Languages analyzed | Updated in last 6 months |
|----------------|:----------------:|:----------------:|
|[Insider](https://github.com/insidersec/insider)|Java, Kotlin, Swift, .NET, C#, Javascript| :heavy_check_mark: |
|[Bearer](https://github.com/Bearer/bearer)| JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha) | :heavy_check_mark: |
|[Infer#](https://github.com/microsoft/infersharp)| C# | :heavy_check_mark: |
|[SpotBugs](https://github.com/spotbugs/spotbugs)|Java| :heavy_check_mark: |
|[PVS-Studio](https://www.viva64.com/ru/pvs-studio/)|Multilanguage| :heavy_check_mark: |
|[PMD](https://github.com/pmd/pmd)|Multilanguage| :heavy_check_mark: |
|[PHPvulnhunter](https://github.com/OneSourceCat/phpvulhunter)|PHP| :x: |
|[FindSecBug](https://github.com/find-sec-bugs/find-sec-bugs)|Java web, Android, Scala, Kotlin, Groovy| :heavy_check_mark: |
|[codechecker](https://github.com/Ericsson/codechecker)|C/C++| :heavy_check_mark: |
|[cppcheck](https://github.com/danmar/cppcheck)|C/C++| :heavy_check_mark: |
|[cobra](https://github.com/wufeifei/cobra)|PHP,Java| :x: |
|[brakeman](https://brakemanscanner.org/)|Ruby on Rails| :heavy_check_mark: |
|[SecCodeScan](https://github.com/security-code-scan/security-code-scan)|C#, VB.NET| :heavy_check_mark: |
|[Cascade](https://github.com/binarybird/Cascade)|C#| :x: |
|[Bandit](https://github.com/PyCQA/bandit)|Python| :heavy_check_mark: |
|[LLVM Clang](https://github.com/llvm/llvm-project)|C, Objective-C, C++ and Objective-C++| :heavy_check_mark: |
|[Codemodder](https://codemodder.io)|Java, Python, fixes non-trivial security issues and other code quality problems| :heavy_check_mark: |

## DAST, IAST:
| Software | Description | Updated in last 6 months |
|----------------|:----------------:|:----------------:|
|[Snyk](https://github.com/snyk/snyk)|Scanner Source Code| :heavy_check_mark: |
|[Contrast](https://www.contrastsecurity.com/demo)|Application Scanner Framework| :heavy_check_mark: |
|[CloudSploit](https://github.com/cloudsploit/scans)|Analyze Cloud Infrastructure| :heavy_check_mark: |
|[SonarQube](https://www.sonarsource.com/)|Application Scanner Framework| :heavy_check_mark: |
|[WhiteSourceSoft](https://www.whitesourcesoftware.com/free-trial/)|Application Scanner Framework| :heavy_check_mark: |
|[PT Application Inspector](https://www.ptsecurity.com/ww-en/products/ai/)|Application Scanner Framework| :heavy_check_mark: |

## SCA, IAC
* https://github.com/Checkmarx/kics
* https://github.com/DependencyTrack/dependency-track
* https://github.com/bridgecrewio/checkov
* https://github.com/aquasecurity/trivy

## SBOM
* https://github.com/CycloneDX/cdxgen
* https://github.com/anchore/syft

## Scanners:
| Software | Category | Updated in last 6 months |
|----------------|:----------------:|:----------------:|
|[Tsunami](https://github.com/google/tsunami-security-scanner)|Scanner| :heavy_check_mark: |
|[WATOBO](https://github.com/siberas/watobo)|Web Scanner| :heavy_check_mark: |
|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Scanner| :heavy_check_mark: |
|[OneForAll](https://github.com/shmilylty/OneForAll)|Scanner| :heavy_check_mark: |
|[osprey](https://github.com/TophantTechnology/osprey)|Web Scanner| :x: |
|[Xray](https://github.com/chaitin/xray)|Web Scanner| :heavy_check_mark:|
|[AZScanner](https://github.com/az0ne/AZScanner)|Scanner| :x: |
|[GourdScan](https://github.com/ysrc/GourdScanV2)|Scanner| :x: |
|[BBScan](https://github.com/RASSec/pentestER-Fully-automatic-scanner)|Scanner| :x: |
|[AnyScan](https://github.com/zhangzhenfeng/AnyScan)|Scanner| :x: |
|[WAScan](https://github.com/m4ll0k/WAScan)|Web Scanner| :heavy_check_mark: |
|[YukiChan](https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest)|Scanner| :x: |
|[Pocscan](https://github.com/erevus-cn/pocscan)|Scanner| :x: |
|[w3af](https://github.com/andresriancho/w3af)|Web Scanner| :x: |
|[sn1per](https://github.com/1N3/Sn1per)|Scanner| :heavy_check_mark: |
|[Scanless](https://github.com/vesche/scanless)|Scanner| :heavy_check_mark: |
|[NoSQLMap](https://github.com/codingo/NoSQLMap)|NoSQL Scanner| :heavy_check_mark: |
|[Nmap](https://nmap.org/)|Scanner| :heavy_check_mark: |
|[NetSparker](https://www.netsparker.com/web-vulnerability-scanner/)|Scanner| :heavy_check_mark: |
|[Wapiti](https://wapiti.sourceforge.io/)|Web Scanner| :heavy_check_mark: |
|[Golismero](http://www.golismero.com/)|Scanner| :heavy_check_mark: |
|[Nexpose](https://www.rapid7.com/products/nexpose/)|Scanner| :heavy_check_mark: |
|[Raccoon](https://github.com/evyatarmeged/Raccoon)|Scanner| :x: |
|[WhatWeb](https://github.com/urbanadventurer/WhatWeb)|Web Scanner| :heavy_check_mark: |
|[Puma Scan](https://github.com/pumasecurity/puma-scan)|Scanner Analysis| :heavy_check_mark: |
|[Arachni](https://github.com/Arachni/arachni)|Web Scanner| :x: |
|[Legion](https://github.com/GoVanguard/legion)|Scanner|:heavy_check_mark: |
|[Nessus](https://www.tenable.com/products/nessus/nessus-professional)|Scanner|:heavy_check_mark:|
|[OpenVAS](https://www.openvas.org/)|Scanner|:heavy_check_mark:|
|[Acunetix](http://www.acunetix.com/vulnerability-scanner/)|Scanner|:heavy_check_mark:|
|[Nikto](https://github.com/sullo/nikto)|Web Scanner|:heavy_check_mark:|
|[Sqlmap](https://github.com/sqlmapproject/sqlmap)|SQL Scanner| :heavy_check_mark:|
|[Striker](https://github.com/s0md3v/Striker)|Scanner|:x:|
|[Zaproxy](https://github.com/zaproxy/zaproxy)|Web Scanner|:heavy_check_mark:|
|[AutoRecon](https://github.com/Tib3rius/AutoRecon)|Scanner|:heavy_check_mark:|
|[ScanOval](https://bdu.fstec.ru/site/scanoval)|Application Vulnerabilities in XML files|:heavy_check_mark:|

____
# :open_file_folder: Vulnerability Database:
|Data|Description|
|----------------|----------------|
|[CVE](http://cve.mitre.org/)|Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures|
|[Exploitdb](https://www.exploit-db.com/)|The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more|
|[0day](http://0day.today/)|0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals|
|[NVD NIST](https://nvd.nist.gov)|NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)|
|[Vuldb](https://vuldb.com/)|Vulnerability database documenting and explaining security vulnerabilities and exploits|
|[Snyk](https://snyk.io/vuln)|Vulnerability database with detailed information and remediation guidance for known vulnerabilities|