An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with security-audit

A curated list of projects in awesome lists tagged with security-audit.

https://github.com/gojue/ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

android android-https-capture ebpf ebpf-go ebpf-tc ebpf-uprobe golang https linux network-capture security-audit ssl ssldump tcpdump tls

Last synced: 14 May 2025

https://github.com/cisofy/lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 14 May 2025

https://github.com/CISOfy/Lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 11 May 2025

https://github.com/CISOfy/lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 26 Mar 2025

https://github.com/prowler-cloud/prowler

Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more.

aws azure cis-benchmark cloud cloudsecurity compliance cspm devsecops forensics gcp gdpr hardening iam multi-cloud python security security-audit security-hardening security-tools well-architected

Last synced: 13 May 2025

https://github.com/google/osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

scanner security-audit security-tools vulnerability-scanner

Last synced: 13 May 2025

https://github.com/presidentbeef/brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

brakeman rails ruby security security-audit security-tools security-vulnerability static-analysis vulnerabilities

Last synced: 12 May 2025

https://github.com/jeremylong/dependencycheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

ant-task build-tool gradle-plugin jenkins-plugin maven-plugin security security-audit software-composition-analysis vulnerability-detection

Last synced: 17 Feb 2025

https://github.com/charles2gan/gda-android-reversing-tool

The fastest and most powerful Android decompiler (a native tool working without a Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files. It supports malicious behavior detection, privacy leak detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, Python and Java scripts, device memory extraction, data decryption and encryption, etc.

decompiler malware-analysis mobile-security privacy-protection security-audit vulnerability-scanners

Last synced: 14 May 2025

https://github.com/charles2gan/GDA-android-reversing-Tool

The fastest and most powerful Android decompiler (a native tool working without a Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files. It supports malicious behavior detection, privacy leak detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, Python and Java scripts, device memory extraction, data decryption and encryption, etc.

decompiler malware-analysis mobile-security privacy-protection security-audit vulnerability-scanners

Last synced: 24 Mar 2025

https://github.com/ysrc/xunfeng

Xunfeng is a rapid vulnerability emergency-response and cruise-scanning system for enterprise intranets.

exploits infosec pentesting scanner security security-audit vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 14 May 2025

https://github.com/aquasecurity/cloudsploit

Cloud Security Posture Management (CSPM)

alibaba aqua aws azure cloud cspm gcp oci oracle security security-audit

Last synced: 14 May 2025

https://github.com/feeicn/cobra

Source Code Security Audit

cobra code-audit security-audit security-scanner security-tools sourcecode-analysis

Last synced: 17 Jan 2025

https://github.com/FeeiCN/Cobra

Source Code Security Audit

cobra code-audit security-audit security-scanner security-tools sourcecode-analysis

Last synced: 30 Mar 2025

https://github.com/techgaun/github-dorks

Find leaked secrets via github search

dork dorker github-dork hacking hacktoberfest security-audit

Last synced: 13 May 2025

https://github.com/goodwithtech/dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

containers docker go golang kubernetes linter security security-audit security-tools vulnerability

Last synced: 14 May 2025

https://github.com/grayddq/GScan

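This program aims to make it easier for security incident responders to investigate Linux hosts: it automates comprehensive host-side checklist detection, automatically aggregates data from the detection results, and traces the attacker's intrusion path.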

auditing security security-audit security-scanning security-tools vulnerability-scanning

Last synced: 14 Apr 2025

https://github.com/grayddq/gscan

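This program aims to make it easier for security incident responders to investigate Linux hosts: it automates comprehensive host-side checklist detection, automatically aggregates data from the detection results, and traces the attacker's intrusion path.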

auditing security security-audit security-scanning security-tools vulnerability-scanning

Last synced: 02 Apr 2025

https://github.com/evilsocket/bettercap

DEPRECATED, bettercap development moved here: https://github.com/bettercap/bettercap

bettercap ettercap man-in-the-middle mitm proxy security security-audit spoofing sslstrip tls

Last synced: 17 Jan 2025

https://github.com/find-sec-bugs/find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)

bytecode code-analysis cwe findbugs hacktoberfest java owasp security security-audit static-analysis taint-analysis

Last synced: 26 Mar 2025

https://github.com/dnakov/little-rat

🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls

browser chrome-extension chromium javascript security-audit

Last synced: 14 May 2025

https://github.com/owasp/owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

android-app audit gitbook ios-app mastg masvs mobile mstg owasp penetration-testing penetration-tests security security-audit security-standards standard verification

Last synced: 14 May 2025

https://github.com/codingo/reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

discover-services enumeration hacking hacking-tool kali-linux nmap offensive-security oscp penetration-testing range scanner scanning security security-audit security-scanner security-tools service-enumeration services-discovered snmp virtual-hosts

Last synced: 15 May 2025

https://github.com/codingo/Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

discover-services enumeration hacking hacking-tool kali-linux nmap offensive-security oscp penetration-testing range scanner scanning security security-audit security-scanner security-tools service-enumeration services-discovered snmp virtual-hosts

Last synced: 30 Mar 2025

https://github.com/OWASP/owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

android-app audit gitbook ios-app mastg masvs mobile mstg owasp penetration-testing penetration-tests security security-audit security-standards standard verification

Last synced: 26 Mar 2025

https://github.com/someengineering/fixinventory

Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.

aws cnapp cspm cybersecurity digitalocean gcp infrastructure-as-code policy-as-code security security-audit security-automation

Last synced: 13 May 2025

https://github.com/Syslifters/sysreptor

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

cape cdsa chhb cpts hackthebox infosectools offsec oscp osed osep oswa oswp penetration-testing pentest-reports pentesting-tool report-generator reporting reporting-tool security-assessment security-audit

Last synced: 20 Apr 2025

https://github.com/MichaelGrafnetter/DSInternals

Directory Services Internals (DSInternals) PowerShell Module and Framework

active-directory azure-ad dpapi fido2 lsa ntds nuget-packages passwords penetration-testing powershell sam security-audit

Last synced: 21 Nov 2024

https://github.com/doyensec/inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

api-documentation-tool bugbounty bugbounty-tool burp-extensions burpsuite graphql graphql-security penetration-testing security-audit security-scanner security-tools

Last synced: 14 May 2025

https://github.com/someengineering/resoto

Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.

aws cnapp cspm cybersecurity digitalocean gcp infrastructure-as-code policy-as-code security security-audit security-automation

Last synced: 15 Mar 2025

https://github.com/wireghoul/graudit

grep rough audit - source code auditing tool

security security-audit security-tools shell source-code vulnerability-detection

Last synced: 14 May 2025

https://github.com/cisagov/cset

Cybersecurity Evaluation Tool

cset security-audit

Last synced: 14 May 2025

https://github.com/w5teams/w5

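Security Orchestration, Automation and Response (SOAR) Platform. A security orchestration and automated response platform offering security automation without writing code; using SOAR lets teams work more efficiently.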

automation devops hack hacker hacking python-script python3 security security-audit security-automation security-tools shuffle soar tools w5 w5soar walkoff

Last synced: 05 Apr 2025

https://github.com/felixgr/secure-ios-app-dev

Collection of the most common vulnerabilities found in iOS applications

ios security security-audit vulnerability-assessment

Last synced: 23 Mar 2025

https://github.com/eliotsykes/rails-security-checklist

:key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

checklist rails rails-security rails-security-checklist ruby-on-rails security security-audit security-hardening

Last synced: 08 Apr 2025

https://github.com/cddmp/enum4linux-ng

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed at security professionals and CTF players.

ctf-tools enum4linux enumeration hackthebox htb pentest pentest-tools security security-audit

Last synced: 08 Apr 2025

https://github.com/vernu/vps-audit

Lightweight, dependency-free bash script for security and performance auditing and infrastructure monitoring of Linux servers.

auditi bash ci-cd debian devops ec2 infrastructure linux monitoring opensource performance-monitoring security security-audit security-tools server shell system-administration ubuntu vps

Last synced: 14 May 2025

https://github.com/codingo/vhostscan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 08 Apr 2025

https://github.com/codingo/VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 30 Mar 2025

https://github.com/securityftw/cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

aws-audit aws-security azure azure-audit azure-security cloud-security gcp gcp-audit-report security security-audit security-tools

Last synced: 16 May 2025

https://github.com/techjacker/repo-security-scanner

CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys

golang security security-audit

Last synced: 16 May 2025

https://github.com/SecurityFTW/cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

aws-audit aws-security azure azure-audit azure-security cloud-security gcp gcp-audit-report security security-audit security-tools

Last synced: 08 Apr 2025

https://github.com/pypa/pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

pip python security security-audit supply-chain

Last synced: 13 May 2025

https://github.com/rastating/wordpress-exploit-framework

A Ruby framework designed to aid in the penetration testing of WordPress systems.

exploits security security-audit wordpress wordpress-exploit-framework

Last synced: 19 Jan 2025

https://github.com/lirantal/npq

🎖safely* install packages with npm or yarn by auditing them as part of your install process

command-line-tool hacktoberfest npm package-manager security security-audit security-tools vulnerabilities

Last synced: 15 May 2025

https://github.com/thekingofduck/apkanalyser

Extract potentially sensitive information from Android applications with one click.

android apkanalyser apktools security-audit security-tools url-collector

Last synced: 04 Apr 2025

https://github.com/rustsec/advisory-db

Security advisory database for Rust crates published through crates.io

rust security security-advisories security-audit vulnerabilities

Last synced: 29 Apr 2025

https://github.com/TheKingOfDuck/ApkAnalyser

Extract potentially sensitive information from Android applications with one click.

android apkanalyser apktools security-audit security-tools url-collector

Last synced: 21 Nov 2024

https://github.com/ohmybahgosh/RockYou2021.txt

RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

hashcat password-safety password-strength rockyou rockyou2021 security security-audit security-vulnerability wordlist wordlists wordlists-dictionary-collection

Last synced: 27 Mar 2025

https://github.com/nfcgate/nfcgate

An NFC research toolkit application for Android

android android-nfc cloning hacktoberfest hce nfc relay replay security security-audit

Last synced: 21 Nov 2024

https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

bugbounty hacking hacking-tool penetration-testing penetration-testing-tools pentesting scanner security security-audit security-scanner security-tools vulnerability-scanners web-cache

Last synced: 04 Apr 2025

https://github.com/cloudgraphdev/cli

The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and Tencent.

aws azure cis cloud cspm developer-tools devops devops-tools gcp graphql iso kubernetes nist pci security security-audit security-tools tencent

Last synced: 01 Apr 2025

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 03 Apr 2025

https://github.com/RustSec/advisory-db

Security advisory database for Rust crates published through crates.io

rust security security-advisories security-audit vulnerabilities

Last synced: 21 Nov 2024

https://github.com/jonrau1/ElectricEye

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

asset-management attack-surface-management aws aws-audit aws-compliance aws-security cloud-auditing cloud-compliance-reporting cloud-security compliance devsecops gcp-security google-cloud-security multicloud saas-security security-audit security-engineering security-hub security-monitoring security-tools

Last synced: 01 Apr 2025

https://github.com/deibit/cansina

Web Content Discovery Tool

pentesting python security-audit websec

Last synced: 02 Apr 2025

https://github.com/0xbug/SQLiScanner

Automatic SQL injection with Charles and sqlmap api

autoscan scanner security security-audit security-vulnerability sqlmap sqlmap-webui sqlmapapi

Last synced: 02 Apr 2025

https://github.com/softstack/smart-contract-security-audits

Certified Smart Contract Audits for Ethereum, Solana, Near, Cardano, Aptos, Sui, Binance Smart Chain, Fantom, EOS, Tezos by softstack (formerly Chainsulting)

audit bep20 binance-smart-chain defi erc20-tokens ethereum michelson move-contracts nft plutus rust security-audit smart-contract-vulnerability smart-contracts smart-contracts-audit solana-program solidity solidity-contracts vyper wasm

Last synced: 15 May 2025

https://github.com/softstack/Smart-Contract-Security-Audits

Certified Smart Contract Audits for Ethereum, Solana, Near, Cardano, Aptos, Sui, Binance Smart Chain, Fantom, EOS, Tezos by softstack (formerly Chainsulting)

audit bep20 binance-smart-chain defi erc20-tokens ethereum michelson move-contracts nft plutus rust security-audit smart-contract-vulnerability smart-contracts smart-contracts-audit solana-program solidity solidity-contracts vyper wasm

Last synced: 08 Apr 2025

https://github.com/thesp0nge/dawnscanner

Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

codereview cybersecurity hanami padrino rails ruby security security-audit sinatra vulnerabilities

Last synced: 15 May 2025

https://github.com/dradis/dradis-ce

Dradis Framework: Collaboration and reporting for IT Security teams

collaboration dradis dradis-framework infosec penetration-testing pentesting security security-audit

Last synced: 02 Apr 2025

https://github.com/ossillate-inc/packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 07 May 2025

https://github.com/smallcham/sec-admin

Core management system for distributed asset security scanning (weak-password scanning, vulnerability scanning)

exploits infosec python scanner security security-audit vulnerability-scanners

Last synced: 21 Nov 2024