We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer
syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.
kernel fuzz-testing fuzzing fuzzer testing security security-vulnerability security-toolsbrakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.
rails security static-analysis vulnerabilities brakeman security-vulnerability security-tools security-auditGitleaks - Searches full repo history for secrets and keys
Gitleaks audits local and remote repos by running regex checks against all commits.
security security-tools git code-auditNoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".
nosql nosql-databases penetration-testing scanner security-audit security-tools security-toolset offensive-security enumeration databases mongodb couchdb web-application-security bugbounty redis mongodb-database sql-injection hacking hacking-tool hacktoberfestReconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).
oscp penetration-testing scanner security security-audit security-tools security-scanner offensive-security nmap enumeration scanning kali-linux service-enumeration services-discovered discover-services range snmp hacking hacking-tool virtual-hostslinux-exploit-suggester - Linux privilege escalation auditing tool
Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC exploit, make sure that his target is affected by the associated vulnerability and finally modify the exploit to suit his target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides kernel version (--kernel switch) or uname -a command output (--uname switch) and receives list of candidate exploits for a given kernel version.
exploits privilege-escalation-exploits kernel-exploitation applicable-exploits security-tools hacking-tool linux-exploitsAutoSploit - Automated Mass Exploiter
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
metasploit exploit exploitation offsec automation security-tools securityprivacy-respecting - Curated List of Privacy Respecting Services and Software
Please read the contribution guidelines before contributing. This is a list of various 'free' services whose business models are to collect as much personal data about you as possible and alternatives you can use to them if you care about not losing control of your data and your privacy.
privacy curated-list self-hosted security security-toolslynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-toolsXAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
vulnerability-scanner vulnerability-detection vulnerability-exploit vulnerability-assessment security-scanner scanner security-tools website-vulnerability-scanner hacking hacking-tool pentest wp-scanner wordpress prestashop joomla lokomedia drupal auto-exploiter exploit exploitationStaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications*. This tool was created with a big focus on usability and graphical guidance in the user interface.
bugbounty security security-tools mobile-security static-code-analysisEnvKey - Protect API keys and credentials, Keep configuration in sync everywhere.
This is EnvKey's cross-platform native application. It supports Mac, Windows, and Linux. EnvKey is an end-to-end encrypted secrets and configuration management tool. It keeps your configuration securely and automatically in sync for all your developers and servers.
configuration configuration-management secrets encryption openpgp mac react electron security security-tools devops developer-tools devops-tools secret-management password-manager password-managementVHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.
security-audit penetration-testing penetration-test virtual-hosts web-application-security discovery-service hacking hacking-tool virtual-host vhost vhosts security-tools security hackthebox oscp ctf-tools offensive-security bugbounty reverse-lookups scannerethereum-lists - A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists. Navigate to the file you would like to make the adjustment to by clicking it's name.
myetherwallet ethereum chain ethereum-lists security-tools phishingunsign - Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed
Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
macosx osx security-toolsDiamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
rootkit lkm-rootkit kernel kernel-module security-tools linux-kernel hacking hacking-toolchronicle - Public append-only ledger microservice built with Slim Framework
Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger. Chronicle is superior to "blockchain" solutions for most real-world technical problems that don't involve proofs-of-work or Byzantine fault tolerance.
append-only hash-chain blake2b chain hash proof knowledge sapient security security-tools cryptographyRed-Baron - Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. Both of these resources were referenced heavily while building this.
infrastructure-as-code security-tools red-teams terraform-module terraform securityRTA - Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets
Red Team Arsenal is a web/network security scanner which has the capability to scan all company's online facing assets and provide an holistic security view of any security anomalies. It's a closely linked collections of security engines to conduct/simulate attacks and monitor public facing assets for anomalies and leaks. It's an intelligent scanner detecting security anomalies in all layer 7 assets and gives a detailed report with integration support with nessus. As companies continue to expand their footprint on INTERNET via various acquisitions and geographical expansions, human driven security engineering is not scalable, hence, companies need feedback driven automated systems to stay put.
security-tools security websecurity nessusenvkey-node - EnvKey's official Node.js client library
Integrate EnvKey with your Node.js projects to keep api keys, credentials, and other configuration securely and automatically in sync for developers and servers.Generate an ENVKEY in the EnvKey App. Then set ENVKEY=..., either in a gitignored .env file in the root of your project (in development) or in an environment variable (on servers).
nodejs configuration configuration-management secrets encryption security security-tools devops devops-tools developer-tools secret-management environment-variables
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
