security-audit

There are 969 repositories under security-audit topic.

  • CISOfy/lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    Language:Shell14.6k3438761.5k

  • gojue/ecapture

    Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

    Language:C14.6k1053731.5k

  • wazuh/wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    Language:C13.5k22619.8k2k
  • prowler

    prowler-cloud/prowler

    Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

    Language:Python12.1k1241.2k1.8k

  • future-architect/vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

    Language:Go11.7k3286301.2k
  • Scanners-Box

    We5ter/Scanners-Box

    A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

    8.6k406442.4k

  • google/osv-scanner

    Vulnerability scanner written in Go which uses the data provided by https://osv.dev

    Language:Go7.7k64449454

  • dependency-check/DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Language:Java7.2k1794.9k1.4k
  • brakeman

    presidentbeef/brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    Language:Ruby7.1k165795755

  • infobyte/faraday

    Open Source Vulnerability Management Platform

    Language:Python5.9k2544481k

  • charles2gan/GDA-android-reversing-Tool

    the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

    Language:Java4.6k101174552

  • Arachni/arachni

    Web Application Security Scanner Framework

    Language:Ruby3.9k2051k778

  • scipag/vulscan

    Advanced vulnerability scanning with Nmap NSE

    Language:Lua3.7k1340687

  • aquasecurity/cloudsploit

    Cloud Security Posture Management (CSPM)

    Language:JavaScript3.6k72204724

  • ysrc/xunfeng

    巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。

    Language:Python3.6k1801911.3k

  • FeeiCN/Cobra

    Source Code Security Audit (源代码安全审计)

    Language:Python3.2k154980952

  • codingo/NoSQLMap

    Automated NoSQL database enumeration and web application exploitation tool.

    Language:Python3.2k10678605

  • techgaun/github-dorks

    Find leaked secrets via github search

    Language:Python3k9122608

  • goodwithtech/dockle

    Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

    Language:Go3k23122152

  • grayddq/GScan

    本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。

    Language:Python2.8k5213629

  • rubysec/bundler-audit

    Patch-level verification for Bundler

    Language:Ruby2.7k44165236

  • pwndoc/pwndoc

    Pentest Report Generator

    Language:JavaScript2.6k47322452

  • evilsocket/bettercap

    DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

    2.5k1760338
  • bearer

    Bearer/bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Language:Go2.4k23343128
  • find-sec-bugs

    find-sec-bugs/find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Language:Java2.4k88440483
  • sn0int

    kpcyrd/sn0int

    Semi-automatic OSINT framework and package manager

    Language:Rust2.3k41113204
  • little-rat

    dnakov/little-rat

    🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls

    Language:JavaScript2.3k202771

  • codingo/Reconnoitre

    A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

    Language:Python2.2k8853459
  • sysreptor

    Syslifters/sysreptor

    A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

    Language:Python2.1k19342221

  • OWASP/owasp-masvs

    The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

    Language:Python2.1k99204470

  • m0nad/Diamorphine

    LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

    Language:C2.1k5535467
  • fixinventory

    someengineering/fixinventory

    Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.

    Language:Python2k22163132
  • DSInternals

    MichaelGrafnetter/DSInternals

    Directory Services Internals (DSInternals) PowerShell Module and Framework

    Language:C#1.8k74166276
  • inql

    doyensec/inql

    InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

    Language:Kotlin1.7k29107170

  • cisagov/cset

    Cybersecurity Evaluation Tool

    Language:TSQL1.7k76162300

  • wireghoul/graudit

    grep rough audit - source code auditing tool

    Language:Shell1.6k3526252