security-tools
There are 4572 repositories under security-tools topic.
x64dbg/x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Lissy93/web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
gitleaks/gitleaks
Protect and discover secrets using Gitleaks 🔑
trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
Lissy93/personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
Infisical/infisical
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
RustScan/RustScan
🤖 The Modern Port Scanner 🤖
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
smicallef/spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
fail2ban/fail2ban
Daemon to ban hosts that cause multiple authentication errors
qeeqbox/social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
future-architect/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
prowler-cloud/prowler
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
secdev/scapy
Scapy: the Python-based interactive packet manipulation program & library.
toniblyx/my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
BishopFox/sliver
Adversary Emulation Framework
1N3/Sn1per
Attack Surface Management Platform
edoardottt/awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
securego/gosec
Go security checker
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
smallstep/certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
liamg/traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
guardicore/monkey
Infection Monkey - An open-source adversary emulation platform
trickest/cve
Gather and update all available and newest CVEs with their PoC.
PyCQA/bandit
Bandit is a tool designed to find common security issues in Python code.
google/osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
A-poc/RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
jakejarvis/awesome-shodan-queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
six2dez/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
The-Z-Labs/linux-exploit-suggester
Linux privilege escalation auditing tool
GhostTroops/scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
urbanadventurer/WhatWeb
Next generation web scanner
decalage2/awesome-security-hardening
A collection of awesome security hardening guides, tools and other resources