There are 509 repositories under security-tools topic.
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Find, verify, and analyze leaked credentials
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
The best IP Toolbox. Easy to check what's your IPs, IP geolocation, check for DNS leaks, examine WebRTC connections, speed test, ping test, MTR test, check website availability, whois search and more! || 🇨🇳 可能是最好用的IP工具箱。轻松检查你的 IP,IP 地理位置,检查DNS泄漏,检查 WebRTC 连接,速度测试,ping 测试,MTR测试,检查网站可用性,查询 Whois 信息等等。
A static analysis security vulnerability scanner for Ruby on Rails applications
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Infection Monkey - An open-source adversary emulation platform
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Tools and Techniques for Red Team / Penetration Testing
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Linux privilege escalation auditing tool
Next generation web scanner