SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 security-tool Open-Source Projects
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Project mention: Web-check: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-03-01
-
personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
-
> gitleaks : fatal error: runtime: out of memory
Should be fixed now: https://github.com/gitleaks/gitleaks/pull/1292. Thanks for highlighting this simple change I've been putting off :)
-
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03
Trufflehog
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
Project mention: piece of software to find /crawl information about yourself? | /r/opsec | 2023-04-10
I’d suggest Spiderfoot.
-
social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10
now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login
-
scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Example Network Scanner Scapy
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
-
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
-
-
Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05
IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.
-
6. Gosec
-
Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
-
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12 -
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
security-tools related posts
- The easiest way to setup security monitoring for your VPS server or cloud VMs
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
- Randcrack – predict Python's random module random generated values
- Web-check: All-in-one OSINT tool for analysing any website
- .rss Feeds for Social Media
- Web Check: All-in-one OSINT tool for analysing any website
- Enhance your python code security using bandit
-
A note from our sponsor - SaaSHub
www.saashub.com | 28 Mar 2024
Index
What are some of the best open-source security-tool projects? This list will help you:
Project | Stars | |
---|---|---|
1 | x64dbg | 42,978 |
2 | trivy | 20,988 |
3 | web-check | 18,223 |
4 | personal-security-checklist | 15,249 |
5 | gitleaks | 15,075 |
6 | trufflehog | 13,716 |
7 | lynis | 12,386 |
8 | RustScan | 11,933 |
9 | spiderfoot | 11,535 |
10 | social-analyzer | 10,995 |
11 | vuls | 10,617 |
12 | Fail2Ban | 10,198 |
13 | scapy | 9,947 |
14 | prowler | 9,424 |
15 | Wazuh | 8,876 |
16 | my-arsenal-of-aws-security-tools | 8,642 |
17 | Sn1per | 7,441 |
18 | sliver | 7,434 |
19 | gosec | 7,393 |
20 | Brakeman | 6,877 |
21 | rengine | 6,615 |
22 | awesome-hacker-search-engines | 6,552 |
23 | traitor | 6,474 |