We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer
syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.
kernel fuzz-testing fuzzing fuzzer testing security security-vulnerability security-toolsbrakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.
rails security static-analysis vulnerabilities brakeman security-vulnerability security-tools security-auditGitleaks - Searches full repo history for secrets and keys
Gitleaks audits local and remote repos by running regex checks against all commits.
security security-tools git code-auditAutoSploit - Automated Mass Exploiter
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
metasploit exploit exploitation offsec automation security-tools securityprivacy-respecting - Curated List of Privacy Respecting Services and Software
Please read the contribution guidelines before contributing. This is a list of various 'free' services whose business models are to collect as much personal data about you as possible and alternatives you can use to them if you care about not losing control of your data and your privacy.
privacy curated-list self-hosted security security-toolslynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-toolsNoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".
nosql nosql-databases penetration-testing scanner security-audit security-tools security-toolset offensive-security enumeration databases mongodb couchdb web-application-security bugbounty redis mongodb-database sql-injection hacking hacking-tool hacktoberfestReconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).
oscp penetration-testing scanner security security-audit security-tools security-scanner offensive-security nmap enumeration scanning kali-linux service-enumeration services-discovered discover-services range snmp hacking hacking-tool virtual-hostsgosec - Golang security checker
Inspects source code for security problems by scanning the Go AST. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License here.
security security-tools security-automation static-analysis static-code-analysisvuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scannerlinux-exploit-suggester - Linux privilege escalation auditing tool
Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC exploit, make sure that his target is affected by the associated vulnerability and finally modify the exploit to suit his target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides kernel version (--kernel switch) or uname -a command output (--uname switch) and receives list of candidate exploits for a given kernel version.
exploits privilege-escalation-exploits kernel-exploitation applicable-exploits security-tools hacking-tool linux-exploitsmonkey - Infection Monkey - An automated pentest tool
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey uses the following techniques and exploits to propagate to other machines.
penetration-testing security-tools security-automation infection-monkeysubfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites
SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
subdomain subdomain-enumeration subdomain-bruteforcing bruteforcing hacking bug-bounty penetration-testing reconaissance subdomain-scanner enumeration discover-services hacking-tool security-tools security-audit security-scanner subdomain-brute subdomain-takeover osint osint-resources pentestingprowler - AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool
For a comprehensive list and resolution look at the guide on the link above. This script has been written in bash using AWS-CLI and it works in Linux and OSX.
security security-tools security-audit security-hardening cloudtrail hardening aws-cli aws cis-benchmark prowler assessment aws-auditing compliancescapy - Scapy: the Python-based interactive packet manipulation program & library
Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.
scapy python-modules network network-analysis network-visualization network-discovery python2 python3 python-2 python-3 pcap packet-capture packet-sniffer packet-analyser packet-analyzer packet-crafting security security-tools network-securitycameradar - Cameradar hacks its way into RTSP videosurveillance cameras
See command-line options. e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs.
penetration-testing security hacking infosec rtsp cctv cameras hacking-tool pentesting security-toolsawesome-hacking - Awesome hacking is an awesome collection of hacking tools.
Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command. Every kind of contribution is really appreciated! Follow the :doc:`contribute`.
hacking hacking-tools curated-list penetration-testing forensics malware security security-toolsCloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.
cipher data-exfiltration hacking pentesting exfiltration steganography cryptography dlp av-evasion privacy security security-tools infosec red-team pentest pentest-tool hacking-tool hacking-tools pentest-tools stegoGSIL - GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Monitor Github sensitive information leaks in near real time and send alert notifications.
sensitive-data sensitive-data-security security-tools security-scannerdirhunt - Find web directories without bruteforce
DEVELOPMENT BRANCH: The current branch is a development version. Go to the stable release by clicking on the master branch. Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.
pentesting security security-tools websec dirscanner without-bruteforce crawler
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
