Awesome Security

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Dex to Java decompiler

Metasploit Framework

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

The most advanced free and open-source browser fingerprinting library

A tool for reverse engineering Android apk files

Simple and flexible tool for managing secrets

Clone this repo to build Frida

🤖 The Modern Port Scanner 🤖

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

The ZAP by Checkmarx Core project

In-depth attack surface mapping and asset discovery

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Fast subdomains enumeration tool for penetration testers

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

A vault for securely storing and accessing AWS credentials in development environments

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Enterprise-ready zero-trust access platform built on WireGuard®.

An advanced memory forensics framework

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

Tfsec is now part of Trivy

Infection Monkey - An open-source adversary emulation platform

Safely store secrets in Git/Mercurial/Subversion

Open device management

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Dshell is a network forensic analysis framework.

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

Open source version of Google Authenticator (except the Android app)

Open Source Cloud Native Application Protection Platform (CNAPP)

GRR Rapid Response: remote live forensics for incident response

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

A collected list of awesome security talks

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Loki - Simple IOC and YARA Scanner

Best practices for segmentation of the corporate network of any company

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

Cloud native secrets management for developers - never leave your command line for secrets.

🔥Open source RASP solution

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

CLI for managing secrets

Adversary tradecraft detection, protection, and hunting

Rapid spam filtering system.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

A fork and successor of the Sulley Fuzzing Framework

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.