Top 23 security-audit Open-Source Projects

• lynis

  72 12,507 7.8 Shell

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  

Project mention: Who does check linux distros of malware - open source | /r/linux | 2023-12-10

Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...

• vuls

  3 10,659 8.8 Go

  Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• prowler

  24 9,514 9.9 Python

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  

Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04

Which cloud provider?

https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.

Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security

• Wazuh

  151 9,161 10.0 C

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  

Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

• ecapture

  9 8,134 9.1 C

  Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.

  

• Scanners-Box

  2 7,967 6.4

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

• Brakeman

  16 6,906 8.1 Ruby

  A static analysis security vulnerability scanner for Ruby on Rails applications

Project mention: First commits in a Ruby on Rails app | dev.to | 2024-01-17

Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• DependencyCheck

  11 5,863 9.4 Java

  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Project mention: OWASP dependency check (<9.0.0) could fail to work after Dec 15th, 2023 | /r/programming | 2023-12-05

• osv-scanner

  10 5,825 9.6 Go

  Vulnerability scanner written in Go which uses the data provided by https://osv.dev

  

Project mention: An Intro to SBOMs | news.ycombinator.com | 2023-04-25

• faraday

  8 4,600 5.0 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• arachni

  2 3,639 1.5 Ruby

  Web Application Security Scanner Framework

  

Project mention: Self-Host Vulnerability Scanner | /r/selfhosted | 2023-07-09

• vulscan

  3 3,314 3.4 Lua

  Advanced vulnerability scanning with Nmap NSE

  

Project mention: Scanning ports and finding network vulnerabilities using nmap | dev.to | 2023-12-01

Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.

• cloudsploit

  6 3,172 9.9 JavaScript

  Cloud Security Posture Management (CSPM)

  

• dockle

  2 2,651 5.8 Go

  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

  

• github-dorks

  2 2,647 3.5 Python

  Find leaked secrets via github search

Project mention: Information Disclosure | dev.to | 2024-04-01

Now, whenever we talk about source code the first thing that comes into mind is Github, we can also use Github Dorks to search secrets in the code, you will find useful search techniques in its cheatsheet, there is also a GitHub tool for that Github-Dorks.

• bundler-audit

  5 2,646 6.1 Ruby

  Patch-level verification for Bundler

  

Project mention: 4 Essential Security Tools To Level Up Your Rails Security | dev.to | 2023-05-31

This Ruby gem is quite useful for detecting versions of gems that are known to be vulnerable to security issues. bundler-audit uses an open database of vulnerable gems called ruby-advisory-db and compares it to the versions that show up in your Gemfile.lock.

• find-sec-bugs

  8 2,201 6.1 Java

  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  

• Reconnoitre

  2 2,065 0.0 Python

  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

• pwndoc

  11 2,026 4.4 JavaScript

  Pentest Report Generator

  

Project mention: sysreptor alternatives - writehat, Serpico, ReportGen, and pwndoc | libhunt.com/r/sysreptor | 2023-05-02

• owasp-masvs

  10 1,945 5.6 Python

  The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  

Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

https://github.com/OWASP/owasp-masvs :

> The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

• sn0int

  1 1,847 5.2 Rust

  Semi-automatic OSINT framework and package manager

• bearer

  18 1,736 9.6 Go

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  

Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

• Diamorphine

  1 1,654 3.0 C

  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

security-audit related posts

• Information Disclosure
  1 project | dev.to | 1 Apr 2024
• OWASP dependency check (<9.0.0) could fail to work after Dec 15th, 2023
  1 project | /r/programming | 5 Dec 2023
• Ask HN: Cloud security auditing for indie-grade projects?
  1 project | news.ycombinator.com | 4 Dec 2023
• GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes!
  1 project | /r/webdev | 20 Oct 2023
• Show HN: One makefile to rule them all
  3 projects | news.ycombinator.com | 19 Oct 2023
• Extract system calls from user-defined functions, using eBPF
  1 project | /r/ReverseEngineering | 29 Sep 2023
• harpoon - Trace syscalls of user-defined functions, using eBPF
  1 project | /r/golang | 25 Sep 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 25 Apr 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com