#Security-tools
Showing 60 of 1117 repositories tagged #security-tools, ranked by stars
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🕵️♂️ All-in-one OSINT tool for analysing any website
Find secrets with Gitleaks 🔑
Infisical is the open-source platform for secrets, certificates, and privileged access management.
Find, verify, and analyze leaked credentials
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026
🤖 The Modern Port Scanner 🤖
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Fully autonomous AI Agents system capable of performing complex penetration testing tasks
Daemon to ban hosts that cause multiple authentication errors
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)
Scapy: the Python-based interactive packet manipulation program & library.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Adversary Emulation Framework
The best IP Toolbox. Check your IP address & geolocation, test IP for WebRTC and DNS IP leaks, run an IP quality check, browser fingerprint check, website availability check, network speed test, global latency test, MTR test, Whois search, and more.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Tools and Techniques for Red Team / Penetration Testing
Go security checker
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Bandit is a tool designed to find common security issues in Python code.
Gather and update all available and newest CVEs with their PoC.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
A static analysis security vulnerability scanner for Ruby on Rails applications
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Infection Monkey - An open-source adversary emulation platform
Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data
Next generation web scanner
A Modern Orchestration Engine for Security
A collection of awesome security hardening guides, tools and other resources
syzkaller is an unsupervised coverage-guided kernel fuzzer
Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potential vulnerabilities. Bjorn can perform brute force attacks, file stealing, host zombification, and supports custom attack scripts.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Static analysis for GitHub Actions
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
The Network Execution Tool
a secure dotenv–from the creator of `dotenv`
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Modlishka. Reverse Proxy.
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange
Open Source Cloud Native Application Protection Platform (CNAPP)
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Automated Mass Exploiter
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Cameradar hacks its way into RTSP videosurveillance cameras
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
IntelOwl: manage your Threat Intelligence at scale
Applied offensive security with Rust - https://kerkour.com/black-hat-rust