security-audit

There are 110 repositories under security-audit topic.

• CISOfy / lynis

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  shelllinuxpci-dsscompliancesecurity-auditsecurity-hardeningsecurity-scannersecurity-vulnerabilityhipaaunixvulnerability-detectionvulnerability-scannersvulnerability-assessmentdevopsdevops-toolssystem-hardeninghardeningauditinggdprsecurity-tools
  Language:Shell 12583

• future-architect / vuls

  Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  vulsvulnerability-scannersgolanggolinuxfreebsdvulnerability-detectionsecuritysecurity-toolscybersecuritysecurity-vulnerabilitysecurity-scannersecurity-hardeningsecurity-automationsecurity-auditvulnerability-assessmentvulnerability-managementvulnerability-scannervulnerabilitiesadministrator
  Language:Go 10699
• prowler

  prowler-cloud / prowler

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  awsazurecis-benchmarkcloudcompliancedevsecopsforensicsgcpgdprhardeningiammulti-cloudpythonsecuritysecurity-auditsecurity-hardeningsecurity-toolswell-architected
  Language:Python 9640

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  securitycompliancelog-analysisvulnerability-detectioncybersecurityfile-integrity-monitoringinfosecmalware-detectioncloud-securitycontainer-securitysecurity-automationsecurity-toolssiemxdrconfiguration-assessementincident-responsepci-dsssecurity-auditsecurity-hardeningwazuh
  Language:C 9313

• gojue / ecapture

  Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

  golangebpftcpdumpssldumphttpstlssecurity-auditnetwork-captureandroid-https-capturesslebpf-goebpf-tcebpf-uprobeandroidlinux
  Language:C 8245
• Scanners-Box

  We5ter / Scanners-Box

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  pentesting-toolshacker-toolsvulnerability-scannersinformation-securityredteam-toolspenetration-testingdevsecopssecurity-automationsmart-contractsprivacy-complianceapk-analysisbinary-analysisexploitation-frameworkmalware-analysissecurity-auditcode-analyzerstatic-analysiswifi-hackingwifi-security
  8010
• brakeman

  presidentbeef / brakeman

  A static analysis security vulnerability scanner for Ruby on Rails applications

  rubyrailssecuritystatic-analysisvulnerabilitiesbrakemansecurity-vulnerabilitysecurity-toolssecurity-audit
  Language:Ruby 6918

• jeremylong / DependencyCheck

  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  security-auditbuild-toolmaven-pluginjenkins-plugingradle-pluginvulnerability-detectionsecurityant-tasksoftware-composition-analysis
  Language:Java 5924

• google / osv-scanner

  Vulnerability scanner written in Go which uses the data provided by https://osv.dev

  scannersecurity-auditsecurity-toolsvulnerability-scanner
  Language:Go 5874

• infobyte / faraday

  Open Source Vulnerability Management Platform

  devopspenetration-testingvulnerabilityvulnerability-scannerssecuritysecurity-auditpentestingcontinuous-scanninginfosecvulnerability-managementcollaborationburpsuitenessusnmapdevsecopssecurity-automationorchestrationcveappseccybersecurity
  Language:Python 4641

• charles2gan / GDA-android-reversing-Tool

  the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

  decompilervulnerability-scannersmalware-analysissecurity-auditmobile-securityprivacy-protection
  Language:Java 3926

• Arachni / arachni

  Web Application Security Scanner Framework

  arachnidomrubyauditdetectionsecurity-auditanalysismodularjavascriptscannersweb-applicationvulnerability-detectioncrawlerscannerhackhackingpenetration-testingxsssql-injection
  Language:Ruby 3654

• ysrc / xunfeng

  巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

  securitypentestinginfosecexploitssecurity-auditvulnerability-detectionscannervulnerability-assessmentvulnerability-scanners
  Language:Python 3504

• scipag / vulscan

  Advanced vulnerability scanning with Nmap NSE

  vulnerabilityvulnerability-scannersvulnerability-detectionvulnerability-identificationvulnerability-assessmentsecuritysecurity-auditsecurity-scannerpenetration-testingnmapnmap-scriptsexploitvulnerability-scanningvulnerability-databasesvulnerability-database-entrynmap-scan-scriptnsensescriptlualua-script
  Language:Lua 3337

• aquasecurity / cloudsploit

  Cloud Security Posture Management (CSPM)

  awssecuritysecurity-auditcloudazurecspmaquagcpocioraclealibaba
  Language:JavaScript 3206

• FeeiCN / Cobra

  Source Code Security Audit (源代码安全审计)

  cobracode-auditsourcecode-analysissecurity-toolssecurity-auditsecurity-scanner
  Language:Python 3121

• codingo / NoSQLMap

  Automated NoSQL database enumeration and web application exploitation tool.

  nosqlnosql-databasespenetration-testingscannersecurity-auditsecurity-toolssecurity-toolsetoffensive-securityenumerationdatabasesmongodbcouchdbweb-application-securitybugbountyredismongodb-databasesql-injectionhackinghacking-toolhacktoberfest
  Language:Python 2764

• techgaun / github-dorks

  Find leaked secrets via github search

  dorkdorkergithub-dorkhackinghacktoberfestsecurity-audit
  Language:Python 2668

• goodwithtech / dockle

  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

  dockercontainerskubernetessecuritysecurity-toolssecurity-auditlintergogolangvulnerability
  Language:Go 2661

• rubysec / bundler-audit

  Patch-level verification for Bundler

  bundler-auditdependency-checkerpatch-managementrubyruby-advisory-dbsecuritysecurity-auditsecurity-tools
  Language:Ruby 2653

• grayddq / GScan

  本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

  auditingsecuritysecurity-auditsecurity-scanningsecurity-toolsvulnerability-scanning
  Language:Python 2504

• evilsocket / bettercap

  DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

  bettercapettercapman-in-the-middlemitmproxysecuritysecurity-auditspoofingsslstriptls
  2502
• find-sec-bugs

  find-sec-bugs / find-sec-bugs

  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  findbugsjavasecurity-auditowasptaint-analysiscode-analysissecuritybytecodecwestatic-analysishacktoberfest
  Language:Java 2209

• codingo / Reconnoitre

  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

  oscppenetration-testingscannersecuritysecurity-auditsecurity-toolssecurity-scanneroffensive-securitynmapenumerationscanningkali-linuxservice-enumerationservices-discovereddiscover-servicesrangesnmphackinghacking-toolvirtual-hosts
  Language:Python 2076

• pwndoc / pwndoc

  Pentest Report Generator

  pentestreportingpentesting-toolreporting-toolsecuritysecurity-toolcollaborationauditsecurity-auditpenetration-testingvulnerabilitiesinfosec
  Language:JavaScript 2059
• little-rat

  dnakov / little-rat

  🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls

  chrome-extensionjavascriptsecurity-auditbrowserchromium
  Language:JavaScript 2001

• OWASP / owasp-masvs

  The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  masvsverificationmobilesecurityauditpenetration-testsstandardgitbookpenetration-testingowaspsecurity-auditsecurity-standardsmstgios-appandroid-appmastg
  Language:Python 1946
• sn0int

  kpcyrd / sn0int

  Semi-automatic OSINT framework and package manager

  osintintelligenceosint-frameworkcertificate-transparencyrustsecuritysecurity-auditsecurity-scannerinvestigationreconnaissancereconluapentestinglocationbug-bounty
  Language:Rust 1868
• bearer

  Bearer / bearer

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  appseccompliancedevsecopsdevsecops-toolssecuritysecurity-toolsdataflowgdprprivacysaststatic-code-analysisvulnerabilitysecurity-auditsecurity-scannervulnerabilitiescode-qualitystatic-analysissecurity-automationowasp
  Language:Go 1772

• m0nad / Diamorphine

  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

  rootkitlkm-rootkitckernelkernel-modulesecurity-toolslinuxlinux-kernelhackinghacking-toolbackdoormalwarepentestingpentestredteamredteamingsecurity-auditsecurityadvanced-persistent-threatstealth
  Language:C 1672
• DSInternals

  MichaelGrafnetter / DSInternals

  Directory Services Internals (DSInternals) PowerShell Module and Framework

  security-auditpenetration-testingactive-directorynuget-packagesntdspowershelldpapisamlsapasswordsazure-adfido2
  Language:C# 1536
• inql

  doyensec / inql

  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  graphqlsecurity-scannergraphql-securityapi-documentation-toolsecurity-toolssecurity-auditburp-extensionsburpsuitebugbountybugbounty-toolpenetration-testing
  Language:Python 1473
• w5

  w5teams / w5

  Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

  soarhackingw5w5soartoolshacksecuritysecurity-toolssecurity-automationhackerpython3automationpython-scriptsecurity-auditdevopsshufflewalkoff
  Language:Python 1436

• felixgr / secure-ios-app-dev

  Collection of the most common vulnerabilities found in iOS applications

  securitysecurity-auditvulnerability-assessmentios
  1375

• wireghoul / graudit

  grep rough audit - source code auditing tool

  securitysecurity-auditsecurity-toolsshellsource-codevulnerability-detection
  Language:Shell 1372

• eliotsykes / rails-security-checklist

  :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  checklistrails-securityrailsrails-security-checklistruby-on-railssecurity-auditsecurity-hardeningsecurity
  Language:Ruby 1355