#Security-audit
Showing 60 of 246 repositories tagged #security-audit, ranked by stars
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
A static analysis security vulnerability scanner for Ruby on Rails applications
Open Source Vulnerability Management Platform
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
Web Application Security Scanner Framework
Advanced vulnerability scanning with Nmap NSE
Cloud Security Posture Management (CSPM)
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Automated NoSQL database enumeration and web application exploitation tool.
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Find leaked secrets via github search
Pentest Report Generator
本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
Patch-level verification for Bundler
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
Semi-automatic OSINT framework and package manager
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
An NFC research toolkit application for Android
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.
Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.
Directory Services Internals (DSInternals) PowerShell Module and Framework
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
safely install npm packages by auditing them pre-install stage
grep rough audit - source code auditing tool
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
SSH-MITM - ssh audits made simple
Collection of the most common vulnerabilities found in iOS applications
:key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
Simple Golang HTTPS/TLS Examples
Professional slash commands for Claude Code that provide structured workflows for software development tasks including code review, feature creation, security auditing, and architectural analysis.
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
secator - the pentester's swiss knife
pentest framework
An IIS short filename enumeration tool
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
Security advisory database for Rust crates published through crates.io
Agent-driven automated CVE discovery platform for source code auditing, vulnerability verification, and report generation.
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
A Ruby framework designed to aid in the penetration testing of WordPress systems.
RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!
A Blazing fast Security Auditing tool for Kubernetes
Hacking Toolkit
Tool for building Kubernetes attack paths