Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Projects in Awesome Lists tagged with security-tools

A curated list of projects in awesome lists tagged with security-tools .

https://github.com/aquasecurity/trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

containers devsecops docker go golang hacktoberfest iac infrastructure-as-code kubernetes misconfiguration security security-tools vulnerability vulnerability-detection vulnerability-scanners

Last synced: 16 Dec 2024

https://github.com/Lissy93/web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy security security-tools sysadmin

Last synced: 25 Oct 2024

https://github.com/lissy93/web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy security security-tools sysadmin

Last synced: 16 Dec 2024

https://github.com/gitleaks/gitleaks

Protect and discover secrets using Gitleaks 🔑

devsecops git gitleaks go golang hacktoberfest secret security security-tools

Last synced: 16 Dec 2024

https://github.com/infisical/infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

certificate-management cli end-to-end-encryption environment-variables go golang nextjs nodejs open-source pki postgres private-ca react secret-management secret-manager secret-scanning secrets security security-tools typescript

Last synced: 16 Dec 2024

https://github.com/Infisical/infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

certificate-management cli end-to-end-encryption environment-variables go golang nextjs nodejs open-source pki postgres private-ca react secret-management secret-manager secret-scanning secrets security security-tools typescript

Last synced: 26 Oct 2024

https://github.com/cisofy/lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 16 Dec 2024

https://github.com/CISOfy/Lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 17 Nov 2024

https://github.com/CISOfy/lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 29 Oct 2024

https://github.com/prowler-cloud/prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

aws azure cis-benchmark cloud compliance devsecops forensics gcp gdpr hardening iam multi-cloud python security security-audit security-hardening security-tools well-architected

Last synced: 16 Dec 2024

https://github.com/toniblyx/my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

auditing aws-infrastructure aws-inventory aws-lambda cloud cloudtrail dfir iam incident-response security security-tools

Last synced: 16 Dec 2024

https://github.com/yogeshojha/rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

bug-bounty bugbounty hacking information-gathering infosec osint penetration-testing pentesting recon recon-engine reconnaissance rengine scanner scanner-web scanning security-tools

Last synced: 18 Dec 2024

https://github.com/presidentbeef/brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

brakeman rails ruby security security-audit security-tools security-vulnerability static-analysis vulnerabilities

Last synced: 21 Dec 2024

https://github.com/smallstep/certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

acme acme-server ca certificate-authority certificates go pki security security-tools ssh tls x509

Last synced: 16 Dec 2024

https://github.com/liamg/traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

cve-2021-3560 cve-2022-0847 dirtypipe exploit gtfobins hackthebox infosec privesc privilege-escalation redteam-tools security-tools

Last synced: 17 Dec 2024

https://github.com/guardicore/monkey

Infection Monkey - An open-source adversary emulation platform

adversary-emulation infection-monkey penetration-testing security-automation security-tools

Last synced: 17 Dec 2024

https://github.com/pycqa/bandit

Bandit is a tool designed to find common security issues in Python code.

bandit linter python security security-scanner security-tools static-code-analysis

Last synced: 16 Dec 2024

https://github.com/PyCQA/bandit

Bandit is a tool designed to find common security issues in Python code.

bandit linter python security security-scanner security-tools static-code-analysis

Last synced: 26 Oct 2024

https://github.com/google/osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

scanner security-audit security-tools vulnerability-scanner

Last synced: 16 Dec 2024

https://github.com/six2dez/reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty dns fuzzing hacking nuclei osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scanner security security-tools subdomain vulnerabilities

Last synced: 18 Dec 2024

https://github.com/GhostTroops/scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

0day attack auto brute-force bugbounty bugbounty-tools golang hacker hacktools nmap nuclei pentest-tool recon security-scanner security-tools ssh tools vulnerabilities-scan vulnerability-detection vulnerability-scanners

Last synced: 31 Oct 2024

https://github.com/ghosttroops/scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

0day attack auto brute-force bugbounty bugbounty-tools golang hacker hacktools nmap nuclei pentest-tool recon security-scanner security-tools ssh tools vulnerabilities-scan vulnerability-detection vulnerability-scanners

Last synced: 17 Dec 2024

https://github.com/google/syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer

fuzz-testing fuzzer fuzzing kernel linux security security-tools security-vulnerability testing

Last synced: 17 Dec 2024

https://github.com/ffffffff0x/1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

blueteam collection ctf hacking ics-security infosec linux-learning markdown-article pentest pentest-tool poc post-penetration redteam security security-tools study writeup

Last synced: 17 Dec 2024

https://github.com/authzed/spicedb

Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data

abac acl ciam cloud-native database distributed-systems entitlements fga fine-grained-access-control grpc kubernetes latency permissions production rbac rebac scale security security-tools zanzibar

Last synced: 16 Dec 2024

https://github.com/k8gege/ladon

Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange

brute-force exp exploit getshell hack hacking ipscanner ladon netscan password pentest poc portscan scanner security security-scanner security-tools tools

Last synced: 20 Dec 2024

https://github.com/k8gege/Ladon

Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息,高危漏洞检测16个含MS17010、Zimbra、Exchange

brute-force exp exploit getshell hack hacking ipscanner ladon netscan password pentest poc portscan scanner security security-scanner security-tools tools

Last synced: 11 Nov 2024

https://github.com/tenable/terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

architecture aws aws-security azure-security cloud-security cloudsecurity devops devsecops gcp-security iac infrastructure infrastructure-as-code kubernetes sast scans security security-tools security-violations terraform terrascan

Last synced: 16 Dec 2024

https://github.com/accurics/terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

architecture aws aws-security azure-security cloud-security cloudsecurity devops devsecops gcp-security iac infrastructure infrastructure-as-code kubernetes sast scans security security-tools security-violations terraform terrascan

Last synced: 22 Nov 2024

https://github.com/microsoft/applicationinspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

application-inspector detection security-scanner security-tools software-characterization static-analysis

Last synced: 17 Dec 2024

https://github.com/microsoft/ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

application-inspector detection security-scanner security-tools software-characterization static-analysis

Last synced: 29 Oct 2024

https://github.com/urbanadventurer/android-pin-bruteforce

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

android android-security bruteforce kali-linux nethunter security security-tools usb-hid

Last synced: 19 Dec 2024

https://github.com/ullaakut/cameradar

Cameradar hacks its way into RTSP videosurveillance cameras

cameras cctv hacking hacking-tool infosec netsec penetration-testing pentesting rtsp security security-tools

Last synced: 17 Dec 2024

https://github.com/urbanadventurer/Android-PIN-Bruteforce

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

android android-security bruteforce kali-linux nethunter security security-tools usb-hid

Last synced: 21 Nov 2024

https://github.com/Ullaakut/cameradar

Cameradar hacks its way into RTSP videosurveillance cameras

cameras cctv hacking hacking-tool infosec netsec penetration-testing pentesting rtsp security security-tools

Last synced: 26 Oct 2024

https://github.com/smallstep/cli

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

certificate cryptography encryption jose jwe jws jwt mfa oath oauth security security-tools ssh sso tls totp x509

Last synced: 16 Dec 2024

https://github.com/knownsec/pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

pentesting python security security-tools

Last synced: 03 Nov 2024

https://github.com/kurolabs/stegcloak

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

cipher compression cryptography data-exfiltration functional-programming hacking hacking-tool hacking-tools infosec javascript privacy ramdajs security security-tools steganography stego

Last synced: 17 Dec 2024

https://github.com/KuroLabs/stegcloak

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

cipher compression cryptography data-exfiltration functional-programming hacking hacking-tool hacking-tools infosec javascript privacy ramdajs security security-tools steganography stego

Last synced: 30 Oct 2024

https://github.com/kelvinben/appinfoscanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

android apk apk-dex hacking hacking-tool ipa network-security penetration-test penetration-testing-tools python3 scanner security security-tools tools web-hacking

Last synced: 20 Dec 2024

https://github.com/Security-Onion-Solutions/securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

case-management cyber-security endpoint-security information-security intrusion-detection-system monitoring network-security security security-tools threat-hunting

Last synced: 05 Nov 2024

https://github.com/security-onion-solutions/securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

case-management cyber-security endpoint-security information-security intrusion-detection-system monitoring network-security security security-tools threat-hunting

Last synced: 18 Dec 2024

https://github.com/kelvinBen/AppInfoScanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

android apk apk-dex hacking hacking-tool ipa network-security penetration-test penetration-testing-tools python3 scanner security security-tools tools web-hacking

Last synced: 19 Nov 2024

https://github.com/netflix/consoleme

A Central Control Plane for AWS Permissions and Access

aws aws-iam cloud-security security-tools

Last synced: 17 Dec 2024

https://github.com/FeeiCN/Cobra

Source Code Security Audit (源代码安全审计)

cobra code-audit security-audit security-scanner security-tools sourcecode-analysis

Last synced: 01 Nov 2024

https://github.com/feeicn/cobra

Source Code Security Audit (源代码安全审计)

cobra code-audit security-audit security-scanner security-tools sourcecode-analysis

Last synced: 25 Sep 2024

https://github.com/Netflix/consoleme

A Central Control Plane for AWS Permissions and Access

aws aws-iam cloud-security security-tools

Last synced: 28 Oct 2024