We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-toolsReconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).
oscp penetration-testing scanner security security-audit security-tools security-scanner offensive-security nmap enumeration scanning kali-linux service-enumeration services-discovered discover-services range snmp hacking hacking-tool virtual-hostsRaccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.
reconnaissance scanner vulnerability-assessment vulnerability-scanner enumeration pentesting pentest-tool hacking-tool offensive-security security-scanner fuzzing information-gathering hacking raccoon osintvuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scannervulscan - Advanced vulnerability scanning with Nmap NSE
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.
vulnerability vulnerability-scanners vulnerability-detection vulnerability-identification vulnerability-assessment security security-audit security-scanner penetration-testing nmap nmap-scripts exploit vulnerability-scanning vulnerability-databases vulnerability-database-entry nmap-scan-script nse nsescript lua-scriptsubfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites
SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
subdomain subdomain-enumeration subdomain-bruteforcing bruteforcing hacking bug-bounty penetration-testing reconaissance subdomain-scanner enumeration discover-services hacking-tool security-tools security-audit security-scanner subdomain-brute subdomain-takeover osint osint-resources pentestingGSIL - GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Monitor Github sensitive information leaks in near real time and send alert notifications.
sensitive-data sensitive-data-security security-tools security-scannerXAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
vulnerability-scanner vulnerability-detection vulnerability-exploit vulnerability-assessment security-scanner scanner security-tools website-vulnerability-scanner hacking hacking-tool pentest wp-scanner wordpress prestashop joomla lokomedia drupal auto-exploiter exploit exploitationbandit - Bandit is a tool designed to find common security issues in Python code.
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
linter bandit security-tools security-scanner security static-code-analysisNodeJsScan - NodeJsScan is a static security code scanner for Node.js applications.
Static security code scanner (SAST) for Node.js applications. The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with NodeJsScan backend.
nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node node-securityjsprime - a javascript static security analysis tool
Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side. JavaScript flexibility and its loose typing is friendly to developers to create rich applications at an unbelievable speed. Major advancements in the performance of JavaScript interpreters, in recent days, have almost eliminated the question of scalability and throughput from many organizations. So the point is JavaScript is now a really important and powerful language we have today and it's usage growing everyday. From client-side code in web applications it grew to server-side through Node.JS and it's now supported as proper language to write applications on major mobile operating system platforms like Windows 8 apps and the upcoming Firefox OS apps. But the problem is, many developers practice insecure coding which leads to many client side attacks, out of which DOM XSS is the most infamous. We tried to understand the root cause of this problem and figured out is that there are not enough practically usable tools that can solve real-world problems. Hence as our first attempt towards solving this problem, we want to talk about JSPrime: A JavaScript static analysis tool for the rest of us. It's a very light-weight and very easy to use point-and-click tool! The static analysis tool is based on the very popular Esprima ECMAScript parser by Aria Hidayat.
static-analysis security-tools security-scannerESD - Enumeration sub domains(枚举子域名)
Enumeration sub domains(枚举子域名)
subdomain-scanner subdomain-brute security-scanner security-toolsyawast - The YAWAST Antecedent Web Application Security Toolkit
This is meant to provide a easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).Please see the wiki for full documentation.
security ssl security-audit security-scanner tls appsecPortAuthority - A handy systems and security-focused tool, Port Authority is a very fast Android port scanner
A handy systems and security-focused tool, Port Authority is a very fast port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts. Port Authority has no ads and will never have ads. It requires extremely limited permissions since it only needs to interact with your network. The internals are designed to take advantage of today's modern phones/tablets with multiple cores to ensure you can scan your network as fast as possible.
android port-scanner tcp network-discovery security-scanner dns-lookup wake-on-lanpest - :beetle: Primitive Erlang Security Tool
Do a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure. Erlang/OTP version 19.0 and higher is required. If beam files are used, they must have been compiled with the debug_info option to provide the abstract_code used by pest.erl. However, pest.erl also consumes Erlang source code, including Erlang source escript files. If beam files are available, it is best to use the beam files with pest.erl due to how the Erlang compiler preprocessor and optimizations can influence function calls.
erlang-security static-code-analysis security security-audit security-scanner static-analysis vulnerability-detectionhoper - Security tool to trace URL's jumps across the rel links to obtain the last URL
It shows all the hops that makes a url you specify to reach its endpoint. For example if you want to see the entire trip by email URL or like a URL shorten. Hoper returns you all URLs redirections. After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.
security security-scanner tool hoper security-audit redirects reconburpa - Burp-Automator: A Burp Suite Automation Tool with Slack Integration
Burp-Automator: A Burp Suite Automation Tool with Slack Integration
security burp burpsuite security-tools web-security automation devops security-scanner security-automationsalt-scanner - Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
A linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration. Note: Salt Master and Minion versions should match. Salt-Scanner supports Salt version 2016.11.x. if you are using version 2017.7.x, replace "expr_form" with "tgt_type" in salt-scanner.py.
security security-scanner vulnerability-scanners vulnerability-scanning security-tools security-audit devops devops-tools saltstack saltJeroboam - Check all your apps on macOS for vulnerable Sparkle updaters
IMMINENT DANGER: the heuristics indicate that it can't be assured, that using the updater won't compromise the system. In the best case, the app publisher provides updated binaries with a patched version of Sparkle, which isn't vulnerable or avoids using unencrypted HTTP connections for retrieving the AppCast, as strongly encouraged by Sparkle's documentation. Alternative countermeasures may range from disabling auto-updates and not using the updater anymore, over restricting the app's network functionalities to putting the app under quarantine. UNKNOWN: the app was compiled against an older SDK, so that ATS is not active or there are exclusions from ATS, while the feed URL for the AppCast is not declared in the Info.plist, so it has to be programmatically provided, which can't be determined by statical analysis. Nevertheless the tool inspects all string literals in the executable to find all HTTP URLs, which might include the feed URL. This strategy has limits and can't catch URLs, which weren't fully hardcoded as strings or obfuscated in another way. The found URLs are printed for further investigation through the user to allow a better risk estimation. If an insecure URL serving an AppCast can be found, it is likely that the app is vulnerable, otherwise it can't be excluded.
security security-tools security-scanner security-vulnerabilitywpscan-v3 - WPScan v3 BETA is a Black Box WordPress Vulnerability Scanner - https://wpscan.org
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team. Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
wpscan wordpress vulnerability-scanner security hacking-tool security-scanner wordpress-scanner wordpress-security
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
