There are 300 repositories under the security-tools topic.
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.
Protect and discover secrets using Gitleaks 🔑
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2022
Find credentials all over the place
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
🤖 The Modern Port Scanner 🤖
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Daemon to ban hosts that cause multiple authentication errors
Prowler is an Open Source Security tool to perform Cloud Security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Golang security checker
A static analysis security vulnerability scanner for Ruby on Rails applications
Attack Surface Management Platform | Sn1perSecurity LLC
Infection Monkey - An open-source adversary emulation platform
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Adversary Emulation Framework
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Bandit is a tool designed to find common security issues in Python code.
Automated Mass Exploiter
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
syzkaller is an unsupervised coverage-guided kernel fuzzer
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Next generation web scanner
A Workflow Engine for Offensive Security
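Maintenance paused | A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and write-ups for various practice targets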
Linux privilege escalation auditing tool
A collection of awesome security hardening guides, tools and other resources
Modlishka. Reverse Proxy.
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet