Trending repositories for topic security-audit

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

🔍 Trace syscalls from user-space functions, by using eBPF

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Automatically capture and surface your team's tribal knowledge

An IIS short filename enumeration tool

An NFC research toolkit application for Android

Semi-automatic OSINT framework and package manager

Pentest Report Generator

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Cloud Security Posture Management (CSPM)

Web Application Security Scanner Framework

🔍 Trace syscalls from user-space functions, by using eBPF

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

Automatically capture and surface your team's tribal knowledge

Repository containing useful links for all things Physical Security. Please contribute!

No description

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

An IIS short filename enumeration tool

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

An NFC research toolkit application for Android

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project using the Sponsor button below or buy me a coffee :) https://ww...

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

QuillAudits Smart Contracts, deFi, NFT, tokens,Dao , Dex and DApps Audit Reports

Semi-automatic OSINT framework and package manager

secator - the pentester's swiss knife

Pentest Report Generator

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

An NFC research toolkit application for Android

Pentest Report Generator

🔍 Trace syscalls from user-space functions, by using eBPF

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Automatically capture and surface your team's tribal knowledge

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leakin...

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

secator - the pentester's swiss knife

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Semi-automatic OSINT framework and package manager

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

🔍 Trace syscalls from user-space functions, by using eBPF

Automatically capture and surface your team's tribal knowledge

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

An NFC research toolkit application for Android

Repository containing useful links for all things Physical Security. Please contribute!

No description

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project using the Sponsor button below or buy me a coffee :) https://ww...

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Pentest Report Generator

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

secator - the pentester's swiss knife

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

An IIS short filename enumeration tool

Set of tools to audit SIP based VoIP Systems

Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.

RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

An NFC research toolkit application for Android

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Pentest Report Generator

Open Source Vulnerability Management Platform

Semi-automatic OSINT framework and package manager

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leakin...

Make production Rust binaries auditable

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Automated NoSQL database enumeration and web application exploitation tool.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。

🔍 Trace syscalls from user-space functions, by using eBPF

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

No description

Microsoft Intune Custom Compliance

Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.

Automatically capture and surface your team's tribal knowledge

Decompiler for Move smart contracts

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

An NFC research toolkit application for Android

Audit for Ubuntu 22 CIS

Make production Rust binaries auditable

My useful files for penetration tests, security assessments, bug bounty and other security related stuff

QuillAudits Smart Contracts, deFi, NFT, tokens,Dao , Dex and DApps Audit Reports

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project using the Sponsor button below or buy me a coffee :) https://ww...

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Automatically capture and surface your team's tribal knowledge

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and add reviewers. RedFlag's flexible configuration makes it valua...

Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, ...

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

A Golang package for scanning private and public IPs for open TCP ports 👁️

Learn to audit Solana programs and help secure the ecosystem. Take your security practices to the next level and get certified by Ackee Blockchain Security. It's free, too.

Decompiler for Move smart contracts

Microsoft Entra ID Security Assessment Tool

Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams

Automatic tool to find Google Dorks

Scan your web apps for vulnerabilities, misconfigurations, and other security issues with the Pentest-Tools.com command-line program.

Checklist for security audit of ZKP projects by @positivesecurity

Microsoft Intune Custom Compliance

Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2006-5051 , CVE-2008-4109 and others.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

secator - the pentester's swiss knife

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Open Source Vulnerability Management Platform

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leakin...

Pentest Report Generator

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...

An IIS short filename enumeration tool

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

An NFC research toolkit application for Android

Semi-automatic OSINT framework and package manager

Cloud Security Posture Management (CSPM)

secator - the pentester's swiss knife

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Learn to audit Solana programs and help secure the ecosystem. Take your security practices to the next level and get certified by Ackee Blockchain Security. It's free, too.

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

A WiFi security auditing software mainly based on aircrack-ng tools suite

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

Microsoft Entra ID Security Assessment Tool

one-stop resource for all things offensive security.

Pen Test Report Generation and Assessment Collaboration

Microsoft Intune Custom Compliance

🔍 Trace syscalls from user-space functions, by using eBPF

Identify hardcoded secrets in static structured text (version 2)

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

Efficient DevSecOps

Awesome links to automate your cybersecurity checks

An IIS short filename enumeration tool

Audit for Ubuntu 22 CIS

SMBScan is a tool to enumerate file shares on an internal network.

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...

Welcome Cybersecurity's World. An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Re...