security-tools

Open-source projects categorized as security-tools

Top 23 security-tool Open-Source Projects

  • x64dbg

    An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

    Project mention: we need a 2015E revival. | /r/oldrobloxrevivals | 2023-12-07
  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: Suas imagens de container não estão seguras! | dev.to | 2024-03-20
  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • web-check

    🕵️‍♂️ All-in-one OSINT tool for analysing any website

    Project mention: Web-check: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-03-01
  • personal-security-checklist

    🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

    Project mention: The Personal Security Checklist | news.ycombinator.com | 2024-02-21

    Checklists at https://github.com/Lissy93/personal-security-checklist/blob/...

  • gitleaks

    Protect and discover secrets using Gitleaks 🔑

    Project mention: I Analyzed StackOverflow for Secrets | news.ycombinator.com | 2023-11-17

    > gitleaks : fatal error: runtime: out of memory

    Should be fixed now: https://github.com/gitleaks/gitleaks/pull/1292. Thanks for highlighting this simple change I've been putting off :)

  • trufflehog

    Find and verify credentials

    Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

    Trufflehog

  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    Project mention: Who does check linux distros of malware - open source | /r/linux | 2023-12-10

    Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • RustScan

    🤖 The Modern Port Scanner 🤖

    Project mention: RustScan – The Modern Port Scanner | news.ycombinator.com | 2023-08-25
  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: piece of software to find /crawl information about yourself? | /r/opsec | 2023-04-10

    I’d suggest Spiderfoot.

  • social-analyzer

    API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10

    now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login

  • scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

    Project mention: Seven Python Projects to Elevate Your Coding Skills | dev.to | 2024-02-15

    Example Network Scanner Scapy

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

    Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04

    Which cloud provider?

    https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.

    Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

    There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

  • my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

  • Sn1per

    Attack Surface Management Platform

  • sliver

    Adversary Emulation Framework

    Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05

    IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.

  • gosec

    Go security checker

    Project mention: Top 10 Snyk Alternatives for Code Security | dev.to | 2023-08-31

    6. Gosec

  • Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    Project mention: First commits in a Ruby on Rails app | dev.to | 2024-01-17

    Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

  • rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

    Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

    I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

  • awesome-hacker-search-engines

    A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

    Project mention: Awesome Hacker Search Engines | /r/tech | 2023-04-11
  • traitor

    :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

    Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-20.

security-tools related posts

Index

What are some of the best open-source security-tool projects? This list will help you:

Project Stars
1 x64dbg 42,978
2 trivy 20,988
3 web-check 18,223
4 personal-security-checklist 15,249
5 gitleaks 15,075
6 trufflehog 13,716
7 lynis 12,386
8 RustScan 11,933
9 spiderfoot 11,535
10 social-analyzer 10,995
11 vuls 10,617
12 Fail2Ban 10,198
13 scapy 9,947
14 prowler 9,424
15 Wazuh 8,876
16 my-arsenal-of-aws-security-tools 8,642
17 Sn1per 7,441
18 sliver 7,434
19 gosec 7,393
20 Brakeman 6,877
21 rengine 6,615
22 awesome-hacker-search-engines 6,552
23 traitor 6,474
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com