usinfosec's Stars
p80n-sec/PolyfillScript
jonrau1/ElectricEye
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
jphillips-vc/pipeline2detailedreport
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
deepfence/ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
dropbox/zxcvbn
Low-Budget Password Strength Estimation
veracode/verademo
A deliberately insecure Java web application
eclipse-archived/codewind
The official repository of the Eclipse Codewind project
appsody/appsody
Appsody command line tool. This repo will be archived soon.
rancher/k3os
Purpose-built OS for Kubernetes, fully managed by Kubernetes.
tektoncd/pipeline
A cloud-native Pipeline resource.
knative/community
Knative governance and community material.
opszero/terraform-aws-kubespot
usnistgov/OSCAL
Open Security Controls Assessment Language (OSCAL)
IBM/Guardium_External_S-TAP
Guardium_External_S-TAP
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
IBM/knative101
OWASP-Benchmark/BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
securego/gosec
Go security checker
ajinabraham/nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
openstack-archive/bandit
Python AST-based static analyzer from OpenStack Security Group
controlplaneio/kubectl-kubesec
Security risk analysis for Kubernetes resources
OWASP/sonarqube
OWASP SonarQube Project
emtunc/SlackPirate
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
firecracker-microvm/firecracker
Secure and fast microVMs for serverless computing.
prowler-cloud/prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
mthbernardes/GTRS
GTRS - Google Translator Reverse Shell
ing-bank/bdd-mobile-security-automation-framework
Mobile Security testing Framework
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.
anchore/anchore-engine
A service that analyzes docker images and scans for vulnerabilities