We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
Zaproxy - An easy to use integrated penetration testing tool for finding vulnerabilities
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
penetration-testing pentesting vulnerability-scanner testing-tool security-testingcaldera - An automated adversary emulation system
CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions. CALDERA is useful for defenders who want to generate real data that represents how an adversary would typically behave within their networks. Since CALDERA's knowledge about a network is gathered during its operation and is used to drive its use of techniques to reach a goal, defenders can get a glimpse into how the intrinsic security dependencies of their network allow an adversary to be successful. CALDERA is useful for identifying new data sources, creating and refining behavioral-based intrusion detection analytics, testing defenses and security configurations, and generating experience for training.
adversary-emulation caldera security-automation red-team mitre mitre-attack security-testingSqlmap - Automatic SQL injection and database takeover tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
penetration-testing vulnerability-scanner sql-injection pentesting security-testing testing-toolNogotofail - Network Security Testing Tool
Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.
penetration-testing pentesting vulnerability-scanner testing-tool security-testing network-testingBeef - Browser Exploitation Framework
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.
penetration-testing pentesting vulnerability-scanner testing-tool security-testingMetasploit Framework - World's most used penetration testing software
Metasploit, helps verify vulnerabilities and manage security assessments. It makes it easy to automate all phases of a penetration test, from choosing the right exploits to streamlining evidence collection and reporting.
penetration-testing pentesting vulnerability-scanner testing-tool security-testinghabu - Python Network Hacking Toolkit
I'm developing Habu to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing.
network-analysis networking scapy python3 security-tools hacking penetration-testing pentesting pentest pentest-tool pentesting-networks security-audit security-testingTaipan - Web application security scanner
If you want to try the dev version of Taipan without to wait for an official release, you can download the build version. This version is built every time that a commit is done and the build process is not broken. You can download it from the Artifacts Directory.
security-tools security-scanner security-automation web-security application-security security security-audit security-testing hacking-tool taipan hacking web web-application web-sec-scanner web-security-researchinput-field-finder - Spiders given URLs for input fields.
Spiders the domain of a single URL or a set or URLs and prints out all <input> elements found on the given domain and scheme (http/https). Input fields are the most common vector/sink for web application vulnerabilities. I wrote this tool to help automate the reconnaissance phase when testing web applications for security vulnerabilities.
security security-tools security-automation security-testing spiderasoc-devops-tooling - This project will provide DevOps automation in the form of snippets, sample apps, and plugins in support of integrating with IBM Application Security on Cloud for automated security scans of software projects using popular tools and frameworks across the DevOps landscape
This project will provide DevOps automation in the form of snippets, sample apps, and plugins in support of integrating with IBM Application Security on Cloud for automated security scans of software projects using popular tools and frameworks across the DevOps landscape. SaaS solution helping teams perform static, dynamic and mobile application security testing in the Cloud, letting you detect and fix security vulnerabilities early in the DevOps pipeline.
cloud devops security security-tools security-testing security-scanner security-automation asoc jenkins jenkins-pipelineowasp-zap-glue-ci-images - Ready to use images of Zap and Glue, especially for CI integration.
OWASP Zap is a great security tool that can easily be used in a CI/CD environment. Glue is another tool from OWASP that aimed to ease the integration of security tools into CI. You can read more in this blog post, where I've explained how to easily integrate Zap and Glue into CI/CD pipeline and build a valuable security tests. This repo contains images that make the process of integrating Zap and Glue into the ci simpler, by setting up various configuration that are required for the integration. The code is based on the work done by Nataly Shrits, on Tweek project.
ci docker-image owasp security-testinghonggfuzz-rs - Fuzz your Rust code with Google-developped Honggfuzz !
Honggfuzz is a security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based).
fuzz fuzzer honggfuzz fuzzing fuzz-testing security security-tools security-testing crates rust-fuzz sanitizerwatchdog - Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Watchog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360° view of any Internet property it scans. Given a list of domains/IP's it has the capability to perform a network scan, feed the output to open source web app scanners like Google's skip-fish and wapiti, perform tech stack analysis and determine if the stack has any known CVE’s. WatchDog has the ability to scan all endpoints and perform technology version analysis on the services it detects and map this information with it’s rich CVE database maintained and updated locally.
security-tools security security-vulnerability security-testing vulnerability-management vulnerability-assessment pentest-tool penetration-testing-framework cve-databases cve-search application-security network-security product-security bugbountyboxxy-rs - Linkable sandbox explorer
"If you implement boundaries and nobody is around to push them, do they even exist?". Have you ever wondered how your sandbox looks like from the inside? Tempted to test if you can escape it, if only you had a shell to give it a try? boxxy is a library that can be linked into a debug build of an existing program and drop you into an interactive shell. From there you can step through various stages of your sandbox and verify it actually contains™. Just put a dev-dependencies in your Cargo.toml and copy examples/boxxy.rs to your examples/ folder. Modify to include your sandbox.
sandboxing security-testing regression-testingmobsf-ci - All that is required to run MobSF in the ci
This repo contains all the is required to run MobSF in the CI. MobSF is a security tool that can scan APK/IPA and report various security issues. By running it in the CI, you can find those issues earlier, and fix them. To learn more about what it MobSF and what it can detect, checkout the blog post. To parse the report, use Glue - see in the next section how.
devsecops mobsf cicd automation security-testing mobileHolisticInfoSec-For-WebDevelopers-Fascicle2 - :books: IoT :lock: Mobile :books:
The contents of Fascicle 2 that's a work in progress is listed below, and can be found at the books landing page. If there is something you would like to see included in this fascicle, please submit an issue for consideration.
devops security security-audit security-review security-testing devsecops book hacking iot iot-testing iot-security iot-security-testing threat-modeling infosec mobile mobile-security mobile-security-testing android bookssecurity-tools - Collection of small security tools created mostly in Python
Collection of simple security tools created in Python.
pentesting hacking bugbounty itsecurity ctf ctf-tools infosec webappsec scanner security-tools security-testing bug-bounty bug-bountiescaringcaribou - A friendly car security exploration tool
We are lacking a security testing tool for automotive. A zero-knowledge tool that can be dropped onto any CAN network and collect information regarding what services and vulnerabilities exist. This is a start. This work was initiated as part of the research project HEAVENS (HEAling Vulnerabilities to ENhance Software Security and Safety), but lives on as a stand-alone project.
can can-bus python-can security-scanner security-testing test-automation automation iso-tp iso-15765 iso-14229
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
