Top 23 security-tool Open-Source Projects
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Project mention: What is system hardening? | reddit.com/r/Linuxadministrators | 2021-04-15
Use a security tool like Lynis to perform a regular audit of your system. Any findings are shown on the screen and also stored in a data file for further analysis. With an extensive log file, it allows you to use all available data and plan next actions for further system hardening.
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
Project mention: How can I scan containers from a Security standpoint? | reddit.com/r/kubernetes | 2021-03-16
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Project mention: What are some commonly used python libraries for hacking? | reddit.com/r/hacking | 2021-02-26
Recently used Scapy during a pentest to create custom packets to test how a device responded. Can’t say I enjoyed my time with it nor was the documentation very good, but it worked for what we needed.
A static analysis security vulnerability scanner for Ruby on Rails applications
Project mention: 26 most popular Ruby/Rails repositories on GitHub in July-August 2020 | dev.to | 2020-09-05
Brakeman is a static analysis tool that checks Ruby on Rails applications for security vulnerabilities. 5,800 stars by now
Daemon to ban hosts that cause multiple authentication errors
Project mention: I love Flask | reddit.com/r/flask | 2021-03-21
Depending on how you're planning to deploy your Flask app, you could possibly install fail2ban, tell it to watch the Flask log location, and create custom rules for when someone should be banned.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Project mention: We launched a free cloud security and compliance tool | reddit.com/r/devops | 2021-01-14
Tons of great stuff here too: https://github.com/toniblyx/my-arsenal-of-aws-security-tools
Infection Monkey - An automated pentest tool
Project mention: Infection Monkey is a free open-source, network penetration testing tool. It is a breach and attack simulator that uses real-world attack techniques and known vulnerabilities. Evaluating your security is easy with Infection Monkey and takes 3 simple steps. | reddit.com/r/cybersecurity | 2021-04-11
A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com
Project mention: Testing | dev.to | 2021-01-19
For large projects, simple assert statements aren't enough to adequately write and manage tests. You'll require built-in module unittest or popular third-party modules like pytest. See python test automation frameworks for more resources.
Golang security checker
Project mention: Dependency management tools | reddit.com/r/golang | 2021-04-10
Sounds like you're looking for gosec
🤖 The Modern Port Scanner 🤖 (by RustScan)
Project mention: How do I automate recon for 450+ hosts? Sn1per alternatives | reddit.com/r/AskNetsec | 2021-01-28
Also check out https://github.com/RustScan/RustScan (possibly combined with something like https://github.com/vulnersCom/nmap-vulners) if you don't need a web interface.
Modlishka. Reverse Proxy.
Project mention: Azure MFA | reddit.com/r/AZURE | 2021-04-14
Step 1. The user becomes a victim of an advanced phishing attack with MFA phishing included, so the attacker's phishing script logs in using both password and MFA code. Step 2. The attacker uses the session cookie to impersonate the victim. Step 3 is the same as with Option A.
Bandit is a tool designed to find common security issues in Python code.
Project mention: Python code review checklist | dev.to | 2021-03-30
One of the renowned security analyzers for Python is Bandit. Also, if you use GitHub for hosting code, you should absolutely read this guide about setting up vulnerability detection and Dependabot for your codebase.
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Project mention: How do I automate recon for 450+ hosts? Sn1per alternatives | reddit.com/r/AskNetsec | 2021-01-28
I've used https://github.com/yogeshojha/rengine and https://github.com/j3ssie/Osmedeus with great success.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Project mention: How to handle secrets in the CLI | reddit.com/r/linux | 2021-04-14
reNgine is a reconnaissance engine (framework) that does end-to-end reconnaissance with the help of highly configurable scan engines and does information gathering about the target web application. reNgine makes use of various open-source tools and makes a configurable pipeline of reconnaissance.
Linux privilege escalation auditing tool
Cameradar hacks its way into RTSP videosurveillance cameras
Patch-level verification for Bundler
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐ (by KuroLabs)
🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021
Project mention: A curated checklist of 300+ tips for protecting digital security and privacy in 2021 | reddit.com/r/privacy | 2021-03-30
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Project mention: [FOSS] IntelOwl v2.3.0 is out! | reddit.com/r/netsec | 2021-04-15
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)
Project mention: Recommend: Linux-Equivalent Tool of mkcert | reddit.com/r/voidlinux | 2021-03-25
https://github.com/smallstep/cli may be a bit overkill for your needs, but it's an epic toolkit and well worth checking out!
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Project mention: oscp and ctf bash script fro recon help | reddit.com/r/cybersecurity | 2020-12-24
What are some of the best open-source security-tool projects? This list will help you: