security-automation

Open-source projects categorized as security-automation

Top 23 security-automation Open-Source Projects

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  • Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

    There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

  • Scanners-Box

    A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed by security industry practitioners

  • gosec

    Go security checker

  • Project mention: Top 10 Snyk Alternatives for Code Security | dev.to | 2023-08-31

    6. Gosec

  • monkey

    Infection Monkey - An open-source adversary emulation platform

  • Project mention: Security Audit Scan | /r/msp | 2023-06-14
  • caldera

    Automated Adversary Emulation Platform

  • Project mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03

    Also, for the attack emulation part you might be interested in CALDERA.

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • privatezilla

    👀👮🐢🔥Performs a privacy & security check of Windows 10

  • Project mention: Anyone using Tiny11 (or otherwise minimised debloated Windows) with a Surface? | /r/Surface | 2023-12-11
  • django-DefectDojo

    DevSecOps, ASPM, Vulnerability Management. All on one platform.

  • Astra

    Automated Security Testing For REST APIs

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  • Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21

    I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

    I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

    It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

    Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

  • content

    Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)

  • Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07
  • hayabusa

    Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  • Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
  • burpgpt

    A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.

  • Project mention: Lost all my content writing contracts. Feeling hopeless as an author. | /r/ChatGPT | 2023-05-06
  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  • Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
  • fixinventory

    Fix Inventory consolidates user, resource, and configuration data from your cloud environments into a unified, graph-based asset inventory.

  • Project mention: Show HN: Fix – An open source cloud asset inventory for cloud security engineers | news.ycombinator.com | 2024-03-27

    The reasoning is explained in the very section of our GitHub org README you quoted this sentence from. Our main open source project is Fix Inventory (https://github.com/someengineering/fixinventory) and that is very well documented (https://inventory.fix.security) and uses no commercial 3rd party libraries.

    The Fix SaaS frontend that you're referring to and that you find at https://fix.security builds upon Fix Inventory. We could have just made it closed-source like every other SaaS (think Grafana Cloud). But because I'm a big proponent of OSS we decided to open source our entire SaaS stack, frontend, backend as well as all internal tooling. The main intent here is transparency, not so you spin up your own SaaS environment.

    Essentially we develop the SaaS for ourselves first and foremost, but saw no reason to make it closed source. So that is why it might be using any number of commercial 3rd party add-ons.

    > I'm curious to know what Material UI provided that any other open-source UI library did not.

    I believe it was some MUI X table features like multi row sorting that we didn't feel like re-implementing. I'm sure there's other open source libs that would do that, but we've settled on MUI and are not going to start mixing different UI libraries for different visual elements if we don't absolutely have to.

  • hardening

    Hardening Ubuntu. Systemd edition.

  • Sooty

    The SOC Analyst's all-in-one CLI tool to automate and speed up workflow.

  • Shuffle

    Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

  • Project mention: Private Equity has Ruined Everything | /r/msp | 2023-07-02

    Take a look at n8n.io or shuffler.io

  • cfn_nag

    Linting tool for CloudFormation templates

  • Project mention: Setting up my own landing zone on AWS | dev.to | 2023-12-25

    .pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.

  • FACT_core

    Firmware Analysis and Comparison Tool

  • Project mention: Diving into Starlink's User Terminal Firmware | news.ycombinator.com | 2023-08-29

    I was part of a project that did some analysis of OpenWRT firmware at scale. It was a lot of fun. The firmware is (obviously) publicly available. If you're interested in finding some cool results, you should try out FACT:

    https://github.com/fkie-cad/FACT_core

    It's a super neat tool that does lots of interesting things.

  • cve-bin-tool

    The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

  • Project mention: FLaNK Stack Weekly 19 Feb 2024 | dev.to | 2024-02-19
  • APTRS

    Automated Penetration Testing Reporting System

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source security-automation projects? This list will help you:

Rank Project Stars
1 vuls 10,671
2 Wazuh 9,161
3 Scanners-Box 7,981
4 gosec 7,454
5 monkey 6,483
6 caldera 5,175
7 faraday 4,615
8 privatezilla 3,417
9 django-DefectDojo 3,399
10 Astra 2,427
11 dependency-track 2,329
12 content 2,082
13 hayabusa 1,938
14 burpgpt 1,882
15 bearer 1,736
16 fixinventory 1,533
17 hardening 1,308
18 Sooty 1,282
19 Shuffle 1,259
20 cfn_nag 1,220
21 FACT_core 1,159
22 cve-bin-tool 1,071
23 APTRS 771
