We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
arachni - Web Application Security Scanner Framework
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.
arachni dom audit detection security-audit analysis modular scanners web-application vulnerability-detection crawler scanner hack hacking penetration-testing xss sql-injectionlynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-toolsvuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scannervulscan - Advanced vulnerability scanning with Nmap NSE
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.
vulnerability vulnerability-scanners vulnerability-detection vulnerability-identification vulnerability-assessment security security-audit security-scanner penetration-testing nmap nmap-scripts exploit vulnerability-scanning vulnerability-databases vulnerability-database-entry nmap-scan-script nse nsescript lua-scriptnuclei - Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use
Nuclei is used to send requests across targets based on a template leading to zero false positives and providing fast scanning on large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei. We have a dedicated repository that houses various type of vulnerability templates contributed by more than 100 security researchers and engineers. It is preloaded with ready to use templates using -update-templates flag.
vulnerability-detection vulnerability-assessment vulnerability-scanner subdomain-takeover cve-scanner nuclei-engineXAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
vulnerability-scanner vulnerability-detection vulnerability-exploit vulnerability-assessment security-scanner scanner security-tools website-vulnerability-scanner hacking hacking-tool pentest wp-scanner wordpress prestashop joomla lokomedia drupal auto-exploiter exploit exploitationWazuh - Host and endpoint security
Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the capabilities like Log management and analysis, File integrity monitoring, Intrusion and anomaly detection, Policy and compliance monitoring.
ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management log-analysis vulnerability-detection incident-response threat-detectionDependency-Track - Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
security owasp bom vulnerabilities vulndb appsec component-analysis nvd vulnerability-detection sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedxSeccubus - Easy automated vulnerability scanning, reporting and analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.
seccubus repeated-scans nikto ssllabs security filters analysis vulnerability-detection vulnerability-management medusa nessus nmap testsslTIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
NOTE: For installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway. TIDoS needs some libraries to run, which can be installed via aptitude or yum Package Managers.
web-penetration-testing reconnaissance vulnerability-analysis scanning-enumeration web-fuzzer osint vulnerability-detection footprinting intelligence-gathering exploitation web-application-security theinfecteddrake tidos-frameworkPatrowlManager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
To try PatrOwl, install it by reading the Installation Guide and the User Guide. Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).
api ioc automation incident-response orchestration secops scans threat-hunting vulnerabilities thehive vulnerability-detection vulnerability-management vulnerability-scanners security-scanner security-automation security-tools threat-intelligence patrowlpest - :beetle: Primitive Erlang Security Tool
Do a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure. Erlang/OTP version 19.0 and higher is required. If beam files are used, they must have been compiled with the debug_info option to provide the abstract_code used by pest.erl. However, pest.erl also consumes Erlang source code, including Erlang source escript files. If beam files are available, it is best to use the beam files with pest.erl due to how the Erlang compiler preprocessor and optimizations can influence function calls.
erlang-security static-code-analysis security security-audit security-scanner static-analysis vulnerability-detectioncsi - CSI (Continuous Security Integration) Framework => Automated Security Testing for CI/CD Pipelines & Beyond
If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please PM us as this will continue to promote CSIs interoperability w/ industry-recognized security tools moving forward. It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.
continuous-integration security automation continuous-testing continuous-security vulnerability-detection static-analysis security-framework devops telephony web ethical-hacking vagrant packer aws-ec2 penetration-testing bugbounty kali-linux kali kalilinuxburp-molly-pack - Security checks pack for Burp Suite
Burp-molly-pack is Yandex security checks pack for Burp. The main goal of Burp-molly-pack is to extend Burp checks. Plugins contains Active and Passive security checks.
security burp-extensions burp-plugin vulnerability-detection burpsuite burpsuite-prowazuh-ansible - Wazuh - Ansible playbook
This playbooks installs and configure Wazuh agent, manager and Elastic Stack. The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.
wazuh ansible ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-responsewazuh-api - Wazuh - RESTful API
Wazuh API is an open source RESTful API to interact with Wazuh from your own application or with a simple web browser or tools like cURL. Our goal is to completely manage Wazuh remotely. Perform everyday actions like adding an agent, check configuration, or look for syscheck files are now simplest using Wazuh API.
wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-responsewazuh-docker - Wazuh - Docker containers
In addition, a docker-compose file is provided to launch the containers mentioned above. It also launches an Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. Containers are currently tested on Wazuh version 3.3.0 and Elastic Stack version 6.2.4. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.
wazuh docker ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening log-analysis ids pci-dss file-integrity-management security-awareness vulnerability-detection incident-responsewazuh-documentation - Wazuh - Project documentation
Here you will find instructions to install and deploy Wazuh HIDS. If you want to contribute to this documentation (built using Sphinx) or our projects please head over to our Github repositories and submit pull requests.
wazuh documentation reference ossec openscap elasticsearch monitoring security security-hardening pci-dss file-integrity-management compliance security-awareness log-analysis fim loganalyzer intrusion-detection vulnerability-detection incident-responsewazuh-kibana-app - Wazuh - Kibana plugin
Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app plugin. If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list, by sending an email to mailto:wazuh+subscribe@googlegroups.com, to ask questions and participate in discussions.
wazuh kibana ossec elasticsearch security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
