amontzx's Stars
aquasecurity/tfsec
Tfsec is now part of Trivy
tenable/terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Skyscanner/cfripper
Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.
OWASP-Benchmark/BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
analysis-tools-dev/static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
DefectDojo/django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
deshpandetanmay/git-secrets
Prevents you from committing secrets and credentials into git repositories
sonatype-nexus-community/DevAudit
Open-source, cross-platform, multi-purpose security auditing tool
mozilla/infosec.mozilla.org
Guidelines, principles published on https://infosec.mozilla.org
mozilla/wikimo_content
WikiMo documentation (mainly the security space, but everyone's welcome to use this)
pumasecurity/puma-scan
Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
OWASP/user-security-stories
Repo to hold mapping of user-security-stories
broamski/aws-mfa
Manage AWS MFA Security Credentials
awslabs/git-secrets
Prevents you from committing secrets and credentials into git repositories
Netflix/repokid
AWS Least Privilege for Distributed, High-Velocity Deployment
rsrdesarrollo/generator-burp-extension
Everything you need about Burp Extension Generation
github/secure_headers
Manages application of security headers with many safe defaults
gquere/pwn_jenkins
Notes about attacking Jenkins servers
francesc-h/firebase
Exploiting misconfigured firebase databases
frostbits-security/SIET
Smart Install Exploitation Tool
infobyte/faraday
Open Source Vulnerability Management Platform
gitleaks/gitleaks
Find secrets with Gitleaks 🔑
meirwah/awesome-incident-response
A curated list of tools for incident response
sbilly/awesome-security
A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
x0rz/phishing_catcher
Phishing catcher using Certstream
ustayready/CredSniper
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
praveendhac/CISBenchmarks
Hardening audit scripts validating Workstations and Servers based on CIS benchmarks
bones-integgroll/CookieSheet
mubix/whitechapel-ng
Next Generation of White Chapel
ssllabs/research