Top 22 security-testing Open-Source Projects

• caldera

  16 5,175 9.2 Python

  Automated Adversary Emulation Platform

  

Project mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03

Also, for the attack emulation part you might be interested in CALDERA.

• security-study-plan

  3 4,108 6.4

  Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• command-injection-payload-list

  2 2,582 0.0

  🎯 Command Injection Payload List

  

• gotestwaf

  5 1,410 7.1 Go

  An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

  

• awesome-python-security

  2 894 3.2

  Awesome Python Security resources 🕶🐍🔐

  

Project mention: Security focused python training? | /r/AskNetsec | 2023-05-30

• habu

  1 854 0.0 Python

  Hacking Toolkit

• akto

  2 823 9.9 Java

  Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

  

Project mention: Open source vulnerability scanner | /r/cybersecurity | 2023-12-05

Qualys is good. For open source vulnerability scanner for APIs - you can also try https://github.com/akto-api-security/akto

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• secureCodeBox

  1 714 9.9 JavaScript

  secureCodeBox (SCB) - continuous secure delivery out of the box

  

• red_team_attack_lab

  5 476 4.5 PowerShell

  Red Team Attack Lab for TTP testing & research

Project mention: Can anyone describe their red team infrastructure? | /r/redteamsec | 2023-05-04

• nerve

  1 438 0.0 Python

  NERVE Continuous Vulnerability Scanner (by PaytmLabs)

  

• MAAD-AF

  15 333 7.6 PowerShell

  MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).

  

• sechub

  1 240 9.7 Java

  SecHub provides a central API to test software with different security tools.

  

• siderophile

  1 189 5.8 Rust

  Find the ideal fuzz targets in a Rust codebase

  

• WireBug

  2 167 0.0 Python

  WireBug is a toolset for Voice-over-IP penetration testing

  

• ipa-medit

  4 167 3.9 Go

  Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.

  

• magpie

  4 157 8.3 Java

  A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks. (by openraven)

  

Project mention: Cloud asset tracking | /r/aws | 2023-12-09

There both do something like what you're looking for.... https://github.com/cloudquery/cloudquery https://github.com/openraven/magpie

• UnSAFE_Bank

  1 135 0.0 PHP

  Vulnerable Banking Suite

• event-generator

  1 79 9.3 Go

  Generate a variety of suspect actions that are detected by Falco rulesets

  

• sqli-postgres-rce-privesc-hacking-playground

  1 71 0.0 PHP

  Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

• dummy

  2 54 6.8 Python

  Generator of static files for testing file upload. It can generate the png file of any number of bytes! (by sterrasec)

  

Project mention: GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes! | /r/webdev | 2023-10-20

• faraday_plugins

  1 45 8.2 Python

  Security tools report parsers for Faradaysec.com

  

• aprox

  1 42 1.8 Python

  android proxy setting tool

  

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

security-testing related posts

• GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes!
  1 project | /r/webdev | 20 Oct 2023
• Security focused python training?
  3 projects | /r/AskNetsec | 30 May 2023
• B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
  1 project | /r/GithubSecurityTools | 17 Oct 2021
• Learning about github
  2 projects | /r/github | 2 Sep 2021
• GitHub - aktsk/ipa-medit: Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
  1 project | /r/netsec | 23 Aug 2021
• SySS-Research/WireBug - WireBug is a toolset for Voice-over-IP penetration testing
  1 project | /r/GithubSecurityTools | 19 Jun 2021
• aktsk/ipa-medit: memory search and patch tool for resigned ipa without jailbreak
  1 project | /r/PenetrationTesting | 3 May 2021
• A note from our sponsor - SaaSHub
  www.saashub.com | 28 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com