SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Infosec Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
-
Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
awesome-shodan-queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
-
awesome-security-hardening
A collection of awesome security hardening guides, tools and other resources
-
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Show HN: Pfuzz, a web fuzzer following the Unix philosophy | news.ycombinator.com | 2024-01-21It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.
I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.
[1] https://github.com/ffuf/ffuf
[2] https://wfuzz.readthedocs.io/en/latest/
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: If you're looking for resources pertaining to hands-on practical demonstrations of learned skills and tools/techniques, look no further. | /r/Kalilinux | 2023-11-15There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
Did you try using https://trickest.com?
Yeah, pretty close: "On-site request forgery"[0]
[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...
Project mention: Ask HN: Guidance starting an infosec careeer from scratch | news.ycombinator.com | 2023-10-12
Project mention: Fr0gger/Awesome-GPT-Agents: A curated list of GPT agents for cybersecurity | news.ycombinator.com | 2023-11-18
Infosec related posts
- Ronin: Free and Open Source Ruby Toolkit for Security Research and Development
- Show HN: Toolkit for Reverse Engineers (indetectables-net)
- Active Directory ACL Visualizer and Explorer
- Show HN: Pfuzz, a web fuzzer following the Unix philosophy
- Show HN: Automatic security lookups from your clipboard
- Fast web fuzzer written in Go
- How to add a man page to your Ruby project, using kramdown-man and markdown
-
A note from our sponsor - SaaSHub
www.saashub.com | 25 Apr 2024
Index
What are some of the best open-source Infosec projects? This list will help you:
Project | Stars | |
---|---|---|
1 | routersploit | 11,870 |
2 | spiderfoot | 11,723 |
3 | ffuf | 11,382 |
4 | dirsearch | 11,213 |
5 | DVWA | 9,291 |
6 | Wazuh | 9,161 |
7 | Red-Teaming-Toolkit | 8,491 |
8 | nishang | 8,324 |
9 | rengine | 6,685 |
10 | traitor | 6,491 |
11 | cve | 6,062 |
12 | Awesome-WAF | 5,917 |
13 | hetty | 5,906 |
14 | bugbounty-cheatsheet | 5,555 |
15 | AllAboutBugBounty | 5,409 |
16 | Infosec_Reference | 5,358 |
17 | DefaultCreds-cheat-sheet | 5,269 |
18 | awesome-shodan-queries | 5,032 |
19 | awesome-infosec | 4,966 |
20 | awesome-security-hardening | 4,935 |
21 | Awesome-GPT-Agents | 4,692 |
22 | faraday | 4,615 |
23 | can-i-take-over-xyz | 4,440 |
Sponsored