Trending repositories for topic security-tools

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Find, verify, and analyze leaked credentials

Daemon to ban hosts that cause multiple authentication errors

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Protect and discover secrets using Gitleaks 🔑

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Adversary Emulation Framework

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a...

Scapy: the Python-based interactive packet manipulation program & library.

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Attack Surface Management Platform

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...

A multi-vault secret injection tool for safely injecting secrets into app environment

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

A cybersecurity tool designed to safeguard against IDN Homograph Attacks

A multi-vault secret injection tool for safely injecting secrets into app environment

masscan全端口扫描==>httpx探测WEB服务==>nuclei&xray漏洞扫描

AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.

A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters.

A fast and continuous secret scanner in Go

A tool for finding security issues in GitHub Actions setups.

Security tool against dependency typosquatting attacks

Halberd : Multi-Cloud Attack Tool

Fluere is a powerful and versatile tool designed for network monitoring and analysis. It is capable of capturing network packets in pcap format and converting them into NetFlow data, providing a compr...

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compa...

Open-source tool to build your Windows 10/11 script from scratch. It includes debloat, privacy, performance & app installing scripts.

基于ARL v2.6.2版本源码，生成docker镜像进行快速部署，同时提供七千多条指纹

免杀知识库 | 开源免杀木马效果测试 360 火绒 卡巴斯基 Microsoft Defender | 免杀工具汇总

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

OpenShield is a new generation security layer for AI models

⚡ Vigil ⚡ Detect prompt injections, jailbreaks, and other potentially risky Large Language Model (LLM) inputs

ARL 资产侦察灯塔系统（可运行，添加指纹，提高并发，升级工具及系统，无限制修改版） | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Find, verify, and analyze leaked credentials

Daemon to ban hosts that cause multiple authentication errors

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Protect and discover secrets using Gitleaks 🔑

🕵️‍♂️ All-in-one OSINT tool for analysing any website

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

🤖 The Modern Port Scanner 🤖

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Adversary Emulation Framework

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

A cybersecurity tool designed to safeguard against IDN Homograph Attacks

A cybersecurity tool designed to safeguard against IDN Homograph Attacks

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Security tool against dependency typosquatting attacks

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.

A multi-vault secret injection tool for safely injecting secrets into app environment

📦 Produce secure packages and containers with declarative configurations

A fast and continuous secret scanner in Go

masscan全端口扫描==>httpx探测WEB服务==>nuclei&xray漏洞扫描

A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters.

A curated list of amazingly projects

A tool for finding security issues in GitHub Actions setups.

The Red Guild's devcontainer focused in web3 and security.

A very small, very simple, yet very secure encryption tool.

Keep your personal data truly personal

Copy links from the sharing menu with automatic removal of shorteners and trackers

Halberd : Multi-Cloud Attack Tool

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

免杀知识库 | 开源免杀木马效果测试 360 火绒 卡巴斯基 Microsoft Defender | 免杀工具汇总

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compa...

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters.

Find, verify, and analyze leaked credentials

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

A tool for finding security issues in GitHub Actions setups.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Daemon to ban hosts that cause multiple authentication errors

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Protect and discover secrets using Gitleaks 🔑

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

🤖 The Modern Port Scanner 🤖

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

The Network Execution Tool

Adversary Emulation Framework

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Copy links from the sharing menu with automatic removal of shorteners and trackers

A tool for finding security issues in GitHub Actions setups.

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Copy links from the sharing menu with automatic removal of shorteners and trackers

A multi-vault secret injection tool for safely injecting secrets into app environment

A cybersecurity tool designed to safeguard against IDN Homograph Attacks

This repository contains CoinFabrik's ongoing research and development to extend CodeQL support to the Solidity smart contract language. By leveraging the foundational work done by the CodeQL team for...

A fast and continuous secret scanner in Go

A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters.

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.

Security tool against dependency typosquatting attacks

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.

A curated list of amazingly projects

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compa...

强大的 Frida 重打包工具，用于 iOS 和 Android。轻松修改 Frida 特征，增强隐蔽性，绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamli...

Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams

Halberd : Multi-Cloud Attack Tool

FlowSentryX is an open-source XDP-based fast packet processing DOS and DDOS Mitigation Framework solution designed to protect your network infrastructure from Denial of Service (DOS) and Distributed D...

📦 Produce secure packages and containers with declarative configurations

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

PostgreSQL database anonymization and synthetic data generation tool

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

一款部署于云端或本地的代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.

A very small, very simple, yet very secure encryption tool.

Bringing back the most advanced system and security analysis tool.

Dump lsass using only Native APIs by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

ARL 资产侦察灯塔系统（可运行，添加指纹，提高并发，升级工具及系统，无限制修改版） | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Galah: An LLM-powered web honeypot.

Make your GenAI Apps Safe & Secure :rocket: Test & harden your system prompt

A tool for finding security issues in GitHub Actions setups.

Dump lsass using only NTAPIs running 3 programs to create 3 JSON and 1 ZIP file... and generate the MiniDump later!

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

基于ARL v2.6.2版本源码，生成docker镜像进行快速部署，同时提供七千多条指纹

An OSINT / digital forensics tool built in Python

Verify apps easily.

SecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption,...

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compa...

🕵️‍♂️ All-in-one OSINT tool for analysing any website

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Find, verify, and analyze leaked credentials

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Protect and discover secrets using Gitleaks 🔑

🤖 The Modern Port Scanner 🤖

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Daemon to ban hosts that cause multiple authentication errors

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

The Network Execution Tool

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

Adversary Emulation Framework

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Tools and Techniques for Red Team / Penetration Testing

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...

Scapy: the Python-based interactive packet manipulation program & library.

802.11 Attack Tool

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

Verify apps easily.

A very small, very simple, yet very secure encryption tool.

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

Copy links from the sharing menu with automatic removal of shorteners and trackers

Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

Drill into WARC web archives

📡 802.11 broadcast analyzer & injector

The most powerful bruteforcer / password sprayer Artifact

Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.

一款部署于云端或本地的代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

免杀知识库 | 开源免杀木马效果测试 360 火绒 卡巴斯基 Microsoft Defender | 免杀工具汇总

Identify the accounts most vulnerable to dictionary attacks

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Galah: An LLM-powered web honeypot.

The Most Advanced Client-Side Prototype Pollution Scanner

Learn to audit Solana programs and help secure the ecosystem. Take your security practices to the next level and get certified by Ackee Blockchain Security. It's free, too.

Stalker, the Extensible Attack Surface Management tool.

🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends