There are 226 repositories under security-tools topic.
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
Protect and discover secrets using Gitleaks 🔑
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2022
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Daemon to ban hosts that cause multiple authentication errors
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
🤖 The Modern Port Scanner 🤖
A static analysis security vulnerability scanner for Ruby on Rails applications
Golang security checker
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Infection Monkey - An automated pentest tool
Attack Surface Management Platform | Sn1perSecurity LLC
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Automated Mass Exploiter
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Bandit is a tool designed to find common security issues in Python code.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
syzkaller is an unsupervised coverage-guided kernel fuzzer
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Modlishka. Reverse Proxy.
A Workflow Engine for Offensive Security
Next generation web scanner
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Linux privilege escalation auditing tool
My simple Swiss Army knife for http/https troubleshooting and profiling.
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
大型内网渗透扫描器&Cobalt Strike，Ladon9.1.4内置150个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Gather and update all available and newest CVEs with their PoC.
Adversary Emulation Framework