Awesome List
A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
GitHub stars and default-branch commits for sbilly/awesome-security.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Simple and flexible tool for managing secrets
🤖 The Modern Port Scanner 🤖
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
The ZAP by Checkmarx Core project
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
🛡️ Open-source and cloud-native Web Application Firewall (WAF)
Enterprise-ready zero-trust access platform built on WireGuard®.
Arkime is an open source, large scale, full packet capturing, indexing, and database system.
Tfsec is now part of Trivy
Open device management
A collected list of awesome security talks
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
🔥Open source RASP solution
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Adversary tradecraft detection, protection, and hunting
A fork and successor of the Sulley Fuzzing Framework
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability/integration over time.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
A modular vulnerability scanner with automatic report generation capabilities.
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Tenzir is the data pipeline engine for security teams.
ClamAV antivirus scanning for Node.js — scan file uploads with a single function call. Zero dependencies. Typed Symbol verdicts. Local or Docker/clamd.
Fast HTTP enumerator
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust
Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
Aggregates security advisories from 10 international CERTs daily and provides an AI skill that cross-references alerts against your project's tech stack.
Secure shell history commands by finding sensitive data
Open Source SIEM (Security Information and Event Management system).
CLI utility and Python module for analyzing log files and other data.
🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software
preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.
Cyclops is a browser with XSS detection capabilities
Android Malware Behavior Deleter
🕵️‍♀️ Find, locate, and query files for ops and security experts ⚡️⚡️⚡️
Detect the Shai Hulud 2.0 npm supply chain attack (796+ packages). Scans for malicious files, hashes, and compromised ecosystems. Fast, accurate scanner.
Is this app legit? Check before you connect. Free URL security scanner for indie developers and AI builders. Live at trustscanpro.com
Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Fast, accurate scanner with zero false positives.