My curated list of security tools for my own usage.
- Nikto : Web Server scanner - https://github.com/sullo/nikto
- Spyse : Online Web security tool / scanner - https://spyse.com/
- Arachni : Web security scanner framework - https://www.arachni-scanner.com/
- Qualys SSL Labs : SSL checking/auditing tool - https://www.ssllabs.com/ssltest/
- Naxsi : WAF for nginx - https://github.com/nbs-system/naxsi
- MobSF : SAST/DAST security tools for Android/iOS mobiles - https://github.com/MobSF/Mobile-Security-Framework-MobSF
- Lynis : Security auditing tool for Linux - https://github.com/CISOfy/lynis
- ScoutSuite : Security auditing tool for Cloud envs - https://github.com/nccgroup/ScoutSuite
- Azucar : Security auditing tool for Azure - https://github.com/nccgroup/azucar/
- Prowler : Security auditing tool for AWS - https://github.com/toniblyx/prowler
- Trivy : Vulnerability scanner - https://github.com/aquasecurity/trivy
- Clair : Vulnerability Static Analysis - https://github.com/quay/clair
- Dive : Exploring docker layers - https://github.com/wagoodman/dive
- Dlayer : Another docker layer analyzer - https://github.com/orisano/dlayer
- Sqlmap : Automatic SQL injection and database takeover tool - https://github.com/sqlmapproject/sqlmap
- Semgrep : Lightweight static analysis for many languages - https://github.com/returntocorp/semgrep
Others security tools lists :