security-audit
There are 873 repositories under security-audit topic.
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
future-architect/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
prowler-cloud/prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
gojue/ecapture
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
We5ter/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
jeremylong/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
google/osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
infobyte/faraday
Open Source Vulnerability Management Platform
charles2gan/GDA-android-reversing-Tool
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
Arachni/arachni
Web Application Security Scanner Framework
ysrc/xunfeng
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
scipag/vulscan
Advanced vulnerability scanning with Nmap NSE
aquasecurity/cloudsploit
Cloud Security Posture Management (CSPM)
FeeiCN/Cobra
Source Code Security Audit (源代码安全审计)
codingo/NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
techgaun/github-dorks
Find leaked secrets via github search
goodwithtech/dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
rubysec/bundler-audit
Patch-level verification for Bundler
grayddq/GScan
本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
evilsocket/bettercap
DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
find-sec-bugs/find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
codingo/Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
pwndoc/pwndoc
Pentest Report Generator
dnakov/little-rat
🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls
OWASP/owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
kpcyrd/sn0int
Semi-automatic OSINT framework and package manager
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
m0nad/Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
MichaelGrafnetter/DSInternals
Directory Services Internals (DSInternals) PowerShell Module and Framework
doyensec/inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
w5teams/w5
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
felixgr/secure-ios-app-dev
Collection of the most common vulnerabilities found in iOS applications
wireghoul/graudit
grep rough audit - source code auditing tool
eliotsykes/rails-security-checklist
:key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)