Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 security-tool Open-Source Projects
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
-
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec
Project mention: Web-check: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-03-01
install gitleaks in your machine gitleaks
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03Trufflehog
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login
Example Network Scanner Scapy
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.
6. Gosec
Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
security-tools related posts
- Show HN: Horus – An OSINT / digital forensics tool built in Python
- Tracking Snoop Dogg's $4M Crypto Wallet with My New Open Source Tool!
- Introducing EncriptorJS: Secure Text Encryption and Decryption in JavaScript
- New host intrusion detection system Impulse
- The easiest way to setup security monitoring for your VPS server or cloud VMs
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
- Randcrack – predict Python's random module random generated values
-
A note from our sponsor - InfluxDB
www.influxdata.com | 19 Apr 2024
Index
What are some of the best open-source security-tool projects? This list will help you:
Project | Stars | |
---|---|---|
1 | x64dbg | 43,128 |
2 | trivy | 21,222 |
3 | web-check | 18,765 |
4 | personal-security-checklist | 15,605 |
5 | gitleaks | 15,197 |
6 | trufflehog | 13,822 |
7 | lynis | 12,493 |
8 | RustScan | 12,106 |
9 | spiderfoot | 11,670 |
10 | social-analyzer | 11,069 |
11 | vuls | 10,659 |
12 | Fail2Ban | 10,366 |
13 | scapy | 10,010 |
14 | prowler | 9,514 |
15 | Wazuh | 9,108 |
16 | my-arsenal-of-aws-security-tools | 8,692 |
17 | sliver | 7,517 |
18 | Sn1per | 7,501 |
19 | gosec | 7,426 |
20 | Brakeman | 6,906 |
21 | rengine | 6,685 |
22 | awesome-hacker-search-engines | 6,641 |
23 | traitor | 6,488 |