Note: The master branch may be in an unstable or even broken state during development. Please use releases instead of the master branch in order to get stable binaries. Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

Tags: containers static-analysis kubernetes docker oci oci-image vulnerabilities clair

Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (build) system. For more detail on how to authenticate, take a look at the CLI authentication section of the Snyk documentation.

Tags: security monitor snyk vulnerabilities

Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially supported version with a GUI and advanced features.

Tags: rails security static-analysis vulnerabilities brakeman security-vulnerability security-tools security-audit

Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how the OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. A tutorial guide explains how each of the OWASP Top 10 vulnerabilities can manifest in Node.js web apps and how to prevent them.

Tags: nodejs owasp-top-ten docker heroku vulnerabilities nodegoat owasp-zap

This list is for anyone wishing to learn about web application security but who does not have a starting point. You can help by sending pull requests to add more information.

Tags: penetration-testing web-hacking vulnerabilities scanner

There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development, but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 list of security risks, and insecure libraries can pose a huge risk to your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities. A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow, is also available.

Tags: vulnerabilities scanner firefox-extension grunt-plugins vulnerable-libraries insecure-libraries chrome-extension build-tool security software-composition-analysis

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome browser, and serves as the fuzzing backend for OSS-Fuzz. Fuzzing, or fuzz testing, is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

Tags: fuzzing security stability vulnerabilities fuzz-testing software-testing testing-tools automation

Quickly set up various vulnerability environments.

Tags: vulnerabilities docker struts vulnhub cve

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for professional penetration testers, bug bounty researchers and corporate security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

Tags: pentest pentesting hacking scanner automated kali-linux recon sn1per dns metasploit vulnerabilities scans sn1per-professional nuke shellshock subnet

Archery is an open source vulnerability assessment and management tool which helps developers and pentesters perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning of web applications and networks. It also performs dynamic authenticated scanning of web applications and covers whole applications by using Selenium. Developers can also use the tool in their DevOps CI/CD environment.

Tags: vulnerability-assessment vulnerabilities scanning pentesting vulnerability-management opensource pentesters secdevops devops devops-tools

Quick Android Review Kit - This tool is designed to look for several security-related Android application vulnerabilities, either in source code or in packaged APKs.

Tags: vulnerabilities security eavesdropping audit

dawnscanner is a source code scanner designed to review your Ruby code for security issues. dawnscanner version 1.6.6 has 235 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or to the Ruby interpreter itself. There are also some checks coming from the OWASP Ruby on Rails cheatsheet.

Tags: codereview cybersecurity sinatra padrino vulnerabilities rails hanami security-audit security

Welcome to my collection of exploit writeups. This repo is where my current and future writeups for public exploits, vulnerability research, and CTF challenge solves will go. Below is a directory of the current writeups that I've published. An overview of the PS4 kernel exploit codenamed "namedobj", which targets a type confusion vulnerability in the sys_namedobj_* Sony system calls. This overview covers the basic exploit strategy required to leverage the type confusion bug into a fully fledged exploit.

Tags: exploitation exploit-development capture-the-flag vulnerabilities

Both of the binary build steps should create a binary, kernelpop, in the project root.

Tags: enumeration kernel exploits vulnerabilities security tools

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of a Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.

Tags: security owasp bom vulnerabilities vulndb appsec component-analysis nvd vulnerability-detection sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedx

Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages supported for analysis are C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, Nginx. The tool has options to search for key leaks and security flaws in all your project's files, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI/CD mats. Check out our documentation for the complete list of tools and languages that Horusec analyzes.

Tags: kotlin cli security analysis ci cd terraform scanner static-analysis netcore vulnerabilities hacktoberfest sast security-flaws security-development sast-analysis

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. It comes in two independent parts that can be used separately or in combination.

Tags: security php-secure vulnerabilities protection

To try PatrOwl, install it by reading the Installation Guide and the User Guide. Fully developed in Python, PatrOwl is composed of a front-end application, PatrowlManager (Django), communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable using the embedded web interface or using the JSON API. PatrowlEngines are only available through generic JSON API calls (see Documentation).

Tags: api ioc automation incident-response orchestration secops scans threat-hunting vulnerabilities thehive vulnerability-detection vulnerability-management vulnerability-scanners security-scanner security-automation security-tools threat-intelligence patrowl

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware and other malicious threats in docker images/containers, and to monitor the docker daemon and running docker containers in order to detect anomalous activities. To fulfill its mission, the known vulnerabilities (CVEs: Common Vulnerabilities and Exposures; BIDs: Bugtraq IDs; RHSAs: Red Hat Security Advisories; and RHBAs: Red Hat Bug Advisories) and the known exploits from the Offensive Security database are first imported into a MongoDB to facilitate the search for these vulnerabilities and exploits while your analyses are in progress.

Tags: docker security static-analysis vulnerabilities detecting-anomalous-activities malware-detection