usinfosec

usinfosec's Stars

• p80n-sec/PolyfillScript

  Language:Python1

• jonrau1/ElectricEye

  ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

  Language:Python933123

• jphillips-vc/pipeline2detailedreport

  Language:Python57

• OWASP/wstg

  The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

  Language:Dockerfile7.2k1.3k

• deepfence/ThreatMapper

  Open Source Cloud Native Application Protection Platform (CNAPP)

  Language:TypeScript4.8k576

• dropbox/zxcvbn

  Low-Budget Password Strength Estimation

  Language:CoffeeScript15k934

• veracode/verademo

  A deliberately insecure Java web application

  Language:Java35322

• eclipse-archived/codewind

  The official repository of the Eclipse Codewind project

  Language:JavaScript11345

• appsody/appsody

  Appsody command line tool. This repo will be archived soon.

  Language:Go17046

• rancher/k3os

  Purpose-built OS for Kubernetes, fully managed by Kubernetes.

  Language:Go3.5k401

• tektoncd/pipeline

  A cloud-native Pipeline resource.

  Language:Go8.4k1.8k

• knative/community

  Knative governance and community material.

  Language:Go249232

• opszero/terraform-aws-kubespot

  Language:HCL10928

• usnistgov/OSCAL

  Open Security Controls Assessment Language (OSCAL)

  Language:XSLT665180

• IBM/Guardium_External_S-TAP

  Guardium_External_S-TAP

  Language:Shell107

• OWASP/CheatSheetSeries

  The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  Language:Python27.7k3.9k

• IBM/knative101

  Language:Shell7048

• OWASP-Benchmark/BenchmarkJava

  OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.

  Language:Java6601k

• securego/gosec

  Go security checker

  Language:Go7.8k608

• ajinabraham/nodejsscan

  nodejsscan is a static security code scanner for Node.js applications.

  Language:CSS2.4k326

• openstack-archive/bandit

  Python AST-based static analyzer from OpenStack Security Group

  1.2k100

• controlplaneio/kubectl-kubesec

  Security risk analysis for Kubernetes resources

  Language:Go50737

• OWASP/sonarqube

  OWASP SonarQube Project

  Language:Dockerfile10961

• emtunc/SlackPirate

  Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

  Language:Python726107

• firecracker-microvm/firecracker

  Secure and fast microVMs for serverless computing.

  Language:Rust25.4k1.8k

• prowler-cloud/prowler

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  Language:Python10.6k1.5k

• mthbernardes/GTRS

  GTRS - Google Translator Reverse Shell

  Language:Go615100

• ing-bank/bdd-mobile-security-automation-framework

  Mobile Security testing Framework

  Language:Ruby4017

• gravitational/teleport

  The easiest, and most secure way to access and protect all of your infrastructure.

  Language:Go17.4k1.7k

• anchore/anchore-engine

  A service that analyzes docker images and scans for vulnerabilities

  Language:Python1.6k271