Awesome Security

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

The ZAP by Checkmarx Core project

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Fast subdomains enumeration tool for penetration testers

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Enterprise-ready zero-trust access platform built on WireGuard®.

An advanced memory forensics framework

Tfsec is now part of Trivy

Infection Monkey - An open-source adversary emulation platform

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Dshell is a network forensic analysis framework.

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

Open Source Cloud Native Application Protection Platform (CNAPP)

GRR Rapid Response: remote live forensics for incident response

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

Loki - Simple IOC and YARA Scanner

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Rapid spam filtering system.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

A fork and successor of the Sulley Fuzzing Framework

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

A little utility for managing credentials in the cloud

Fast Incident Response

Rekall Memory Forensic Framework

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Confidant: your secret keeper. https://lyft.github.io/confidant

No description.

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Flutter Reverse Engineering Framework

Automated Red Team Infrastructure deployement using Docker

A modular vulnerability scanner with automatic report generation capabilities.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

Find exploit tool

:closed_lock_with_key: Multiplatform command-line password manager

Apache Metron

Data Hacking Project

Tenzir is the data pipeline engine for security teams.

A low to medium interaction honeypot.

Mirror of Apache Spot

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

Universal web application security sensor intended for real-time monitoring and defense.

Aggregates security advisories from 10 international CERTs daily and provides an AI skill that cross-references alerts against your project's tech stack.

Open Source SIEM (Security Information and Event Management system).