Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-toolsA reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).
oscp penetration-testing scanner security security-audit security-tools security-scanner offensive-security nmap enumeration scanning kali-linux service-enumeration services-discovered discover-services range snmp hacking hacking-tool virtual-hostsRaccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.
reconnaissance scanner vulnerability-assessment vulnerability-scanner enumeration pentesting pentest-tool hacking-tool offensive-security security-scanner fuzzing information-gathering hacking raccoon osintFor a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scannerVulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.
vulnerability vulnerability-scanners vulnerability-detection vulnerability-identification vulnerability-assessment security security-audit security-scanner penetration-testing nmap nmap-scripts exploit vulnerability-scanning vulnerability-databases vulnerability-database-entry nmap-scan-script nse nsescript lua-scriptSubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
subdomain subdomain-enumeration subdomain-bruteforcing bruteforcing hacking bug-bounty penetration-testing reconaissance subdomain-scanner enumeration discover-services hacking-tool security-tools security-audit security-scanner subdomain-brute subdomain-takeover osint osint-resources pentestingMonitor Github sensitive information leaks in near real time and send alert notifications.
sensitive-data sensitive-data-security security-tools security-scannerMicrosoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud API's, frameworks and more and has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more and was first featured on Microsoft.com. Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.
detection static-analysis security-scanner security-tools software-characterization application-inspectorSource Code Security Audit (源代码安全审计)
security-audit cobra security-scanner security-tools sourcecode-analysis code-auditX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
vulnerability-scanner vulnerability-detection vulnerability-exploit vulnerability-assessment security-scanner scanner security-tools website-vulnerability-scanner hacking hacking-tool pentest wp-scanner wordpress prestashop joomla lokomedia drupal auto-exploiter exploit exploitationBandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
linter bandit security-tools security-scanner security static-code-analysisTry our free Kubernetes risk assessment tool today. Run it on any cluster at any time. No data leaves your cluster. We do not collect any information. For more information on Octarine see https://www.octarinesec.com. Kube-Scan gives a risk score, from 0 (no risk) to 10 (high risk) for each workload. The risk is based on the runtime configuration of each workload (currently 20+ settings). The exact rules and scoring formula are part of the open-source framework KCCSS, the Kubernetes Common Configuration Scoring System.
kubernetes security devops security-audit k8s cloud-native security-scanner security-tools devsecops security-scannersStatic security code scanner (SAST) for Node.js applications. The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with NodeJsScan backend.
nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node node-securityToday, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side. JavaScript flexibility and its loose typing is friendly to developers to create rich applications at an unbelievable speed. Major advancements in the performance of JavaScript interpreters, in recent days, have almost eliminated the question of scalability and throughput from many organizations. So the point is JavaScript is now a really important and powerful language we have today and it's usage growing everyday. From client-side code in web applications it grew to server-side through Node.JS and it's now supported as proper language to write applications on major mobile operating system platforms like Windows 8 apps and the upcoming Firefox OS apps. But the problem is, many developers practice insecure coding which leads to many client side attacks, out of which DOM XSS is the most infamous. We tried to understand the root cause of this problem and figured out is that there are not enough practically usable tools that can solve real-world problems. Hence as our first attempt towards solving this problem, we want to talk about JSPrime: A JavaScript static analysis tool for the rest of us. It's a very light-weight and very easy to use point-and-click tool! The static analysis tool is based on the very popular Esprima ECMAScript parser by Aria Hidayat.
static-analysis security-tools security-scannerTo try PatrOwl, install it by reading the Installation Guide and the User Guide. Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).
api ioc automation incident-response orchestration secops scans threat-hunting vulnerabilities thehive vulnerability-detection vulnerability-management vulnerability-scanners security-scanner security-automation security-tools threat-intelligence patrowlEnumeration sub domains(枚举子域名)
subdomain-scanner subdomain-brute security-scanner security-toolsThis is meant to provide a easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).Please see the wiki for full documentation.
security ssl security-audit security-scanner tls appsecA handy systems and security-focused tool, Port Authority is a very fast port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts. Port Authority has no ads and will never have ads. It requires extremely limited permissions since it only needs to interact with your network. The internals are designed to take advantage of today's modern phones/tablets with multiple cores to ensure you can scan your network as fast as possible.
android port-scanner tcp network-discovery security-scanner dns-lookup wake-on-lanDo a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure. Erlang/OTP version 19.0 and higher is required. If beam files are used, they must have been compiled with the debug_info option to provide the abstract_code used by pest.erl. However, pest.erl also consumes Erlang source code, including Erlang source escript files. If beam files are available, it is best to use the beam files with pest.erl due to how the Erlang compiler preprocessor and optimizations can influence function calls.
erlang-security static-code-analysis security security-audit security-scanner static-analysis vulnerability-detectionIt shows all the hops that makes a url you specify to reach its endpoint. For example if you want to see the entire trip by email URL or like a URL shorten. Hoper returns you all URLs redirections. After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.
security security-scanner tool hoper security-audit redirects recon
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.