security-tools

There are 436 repositories under security-tools topic.

x64dbg
x64dbg / x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
debugger windows x64 disassembler reverse-engineering security x86 x86-64 cpp malware-analysis security-tools binary-analysis ctf dynamic-analysis exploit-development hacking oscp debugging program-analysis cybersecurity
Language:C++ 43294
aquasecurity / trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
security security-tools docker containers vulnerability-scanners vulnerability-detection vulnerability golang go kubernetes hacktoberfest devsecops misconfiguration infrastructure-as-code iac
Language:Go 21530
web-check
Lissy93 / web-check
🕵️‍♂️ All-in-one OSINT tool for analysing any website
osint privacy security security-tools sysadmin
Language:TypeScript 19129
personal-security-checklist
Lissy93 / personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
privacy security censorship cybersecurity checklist awesome surveillance defense open-source protection security-tools awesome-list hacktoberfest
Language:TypeScript 15827
gitleaks / gitleaks
Protect and discover secrets using Gitleaks 🔑
security security-tools git golang go secret gitleaks devsecops hacktoberfest
Language:Go 15348
trufflehog
trufflesecurity / trufflehog
Find and verify secrets
secret trufflehog credentials security devsecops dynamic-analysis security-tools secrets verification hacktoberfest secret-management precommit scanning
Language:Go 13998
RustScan
RustScan / RustScan
🤖 The Modern Port Scanner 🤖
security pentesting hacking port scanning networking security-tools nmap rust docker hacktoberfest
Language:Rust 12696
CISOfy / lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
shell linux pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-tools
Language:Shell 12570
infisical
Infisical / infisical
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
cli end-to-end-encryption environment-variables secret-management secrets security open-source golang nextjs nodejs react typescript secret-manager go postgres secret-scanning security-tools
Language:TypeScript 12447
smicallef / spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
footprinting osint threatintel python infosec intelligence-gathering osint-reconnaissance pentesting threat-intelligence security-tools information-gathering cybersecurity cti osint-framework attacksurface osint-tool hacking information-security recon
Language:Python 11824
social-analyzer
qeeqbox / social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
osint social-media analyzer username profile reconnaissance pentest information-gathering pentesting social-analyzer person-profile javascript nodejs python security-tools analysis nodejs-cli cli sosint
Language:JavaScript 11129
future-architect / vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
vuls vulnerability-scanners golang go linux freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scanner vulnerabilities administrator
Language:Go 10697
fail2ban / fail2ban
Daemon to ban hosts that cause multiple authentication errors
linux macos security intrusion-prevention fail2ban bsd gplv2 python ban-hosts intrusion-detection ids ips anti-bot attack-prevention hids security-tools loganalyzer monitoring ban-management
Language:Python 10600
secdev / scapy
Scapy: the Python-based interactive packet manipulation program & library.
scapy python network network-analysis network-visualization network-discovery pcap packet-capture packet-sniffer packet-analyser packet-crafting security security-tools network-security hacktoberfest
Language:Python 10104
prowler
prowler-cloud / prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
security security-tools security-audit security-hardening hardening aws cis-benchmark compliance gdpr forensics cloud well-architected devsecops azure iam python gcp multi-cloud
Language:Python 9626
wazuh / wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
security compliance log-analysis vulnerability-detection cybersecurity file-integrity-monitoring infosec malware-detection cloud-security container-security security-automation security-tools siem xdr configuration-assessement incident-response pci-dss security-audit security-hardening wazuh
Language:C 9301
chaitin / SafeLine
一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.
acl cc firewall http-flood security security-tools sql-injection waf web-application-firewall web-security xss captcha docker modsecurity nginx
Language:C++ 8804
toniblyx / my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
cloud auditing incident-response aws-inventory iam dfir cloudtrail aws-infrastructure aws-lambda security security-tools
Language:Shell 8721
BishopFox / sliver
Adversary Emulation Framework
security-tools implant golang dns-server http c2 command-and-control red-team red-teaming red-team-engagement adversarial-attacks adversary-simulation sliver gplv3 dns
Language:Go 7625
Sn1per
1N3 / Sn1per
Attack Surface Management Platform
sn1per sn1per-professional bugbounty-platform attack-surface cybersecurity pentest-tool pentesting-tools pentest-scripts pentest-tools hacking-tools osint-tool osint-framework attacksurface penetration-testing pentesting security-tools attack-surface-management hacking security
Language:Shell 7567
securego / gosec
Go security checker
golang security security-tools security-automation static-analysis static-code-analysis
Language:Go 7491
rengine
yogeshojha / rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
security-tools osint recon recon-engine reconnaissance scanner scanner-web rengine information-gathering bugbounty hacking scanning pentesting bug-bounty infosec penetration-testing
Language:Python 7009
brakeman
presidentbeef / brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
ruby rails security static-analysis vulnerabilities brakeman security-vulnerability security-tools security-audit
Language:Ruby 6918
edoardottt / awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
awesome awesome-list hacking search-engine osint awesome-lists dns hacking-tools exploit security security-tools vulnerability wifi-network bugbounty osint-tool vulnerabilities redteam redteaming cve hacktoberfest
Language:Shell 6739
traitor
liamg / traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
gtfobins exploit privesc privilege-escalation hackthebox infosec redteam-tools security-tools cve-2021-3560 dirtypipe cve-2022-0847
Language:Go 6500
monkey
guardicore / monkey
Infection Monkey - An open-source adversary emulation platform
penetration-testing security-tools security-automation infection-monkey adversary-emulation
Language:Python 6494
certificates
smallstep / certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
tls x509 certificates security security-tools certificate-authority pki ca go acme-server ssh acme
Language:Go 6203
trickest / cve
Gather and update all available and newest CVEs with their PoC.
poc cve cve-poc latest-cve vulnerability vulnerabilities software-vulnerabilities software-security exploit security infosec hacking pentesting penetration-testing red-team security-tools software-vulnerability
Language:HTML 6120
bandit
PyCQA / bandit
Bandit is a tool designed to find common security issues in Python code.
linter bandit security-tools security-scanner security static-code-analysis python
Language:Python 6025
google / osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
scanner security-audit security-tools vulnerability-scanner
Language:Go 5870
The-Z-Labs / linux-exploit-suggester
Linux privilege escalation auditing tool
exploits privilege-escalation-exploits kernel-exploitation applicable-exploits security-tools hacking-tool linux-exploits linux-kernel published-exploits
Language:Shell 5283
GhostTroops / scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
attack auto golang hacker tools nuclei bugbounty bugbounty-tools hacktools pentest-tool 0day brute-force nmap ssh vulnerabilities-scan recon security-scanner security-tools vulnerability-detection vulnerability-scanners
Language:Go 5274
reconftw
six2dez / reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
bugbounty hacking recon pentest subdomain nuclei vulnerabilities scanner fuzzing osint penetration-testing pentesting reconnaissance dns pentest-tool security security-tools bug-bounty
Language:Shell 5266
RedTeam-Tools
A-poc / RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
cheatsheet cybersecurity hacking penetration-testing red-team security-tools linux resources tools windows enumeration payload pentest pentest-tools red-team-tools mitre-attack redteam
5241
google / syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
linux kernel fuzz-testing fuzzing fuzzer testing security security-vulnerability security-tools
Language:Go 5149
urbanadventurer / WhatWeb
Next generation web scanner
security web scanner ruby penetration-testing kali-linux owasp penetration-testing-tools penetration-test hacking hacking-tools network-security recon appsec application-security pentesting pentesting-tools pentest web-hacking security-tools
Language:Ruby 5123