My curated list of security tools for my own usage.

• Nikto : Web Server scanner - https://github.com/sullo/nikto
• Spyse : Online Web security tool / scanner - https://spyse.com/
• Arachni : Web security scanner framework - https://www.arachni-scanner.com/
• Qualys SSL Labs : SSL checking/auditing tool - https://www.ssllabs.com/ssltest/
• Naxsi : WAF for nginx - https://github.com/nbs-system/naxsi

• MobSF : SAST/DAST security tools for Android/iOS mobiles - https://github.com/MobSF/Mobile-Security-Framework-MobSF

• Lynis : Security auditing tool for Linux - https://github.com/CISOfy/lynis

• ScoutSuite : Security auditing tool for Cloud envs - https://github.com/nccgroup/ScoutSuite
• Azucar : Security auditing tool for Azure - https://github.com/nccgroup/azucar/
• Prowler : Security auditing tool for AWS - https://github.com/toniblyx/prowler

• Trivy : Vulnerability scanner - https://github.com/aquasecurity/trivy
• Clair : Vulnerability Static Analysis - https://github.com/quay/clair
• Dive : Exploring docker layers - https://github.com/wagoodman/dive
• Dlayer : Another docker layer analyzer - https://github.com/orisano/dlayer

• Sqlmap : Automatic SQL injection and database takeover tool - https://github.com/sqlmapproject/sqlmap

• Semgrep : Lightweight static analysis for many languages - https://github.com/returntocorp/semgrep

Others security tools lists :

• https://github.com/paragonie/awesome-appsec
• https://github.com/sbilly/awesome-security
• https://github.com/qazbnm456/awesome-web-security