security-vulnerability

Top 23 security-vulnerability Open-Source Projects

  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  • Project mention: Who does check linux distros of malware - open source | /r/linux | 2023-12-10

    Linux has (free) tools to improve security and detect/remove malware: Lynis, Chkrootkit, Rkhunter, ClamAV, Vuls, LMD, radare2, Yara, ntopng, maltrail, Snort, Suricata...

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

  • Project mention: First commits in a Ruby on Rails app | dev.to | 2024-01-17

    Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

  • syzkaller

    syzkaller is an unsupervised coverage-guided kernel fuzzer

  • Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17

    https://arxiv.org/abs/2402.09171 :

    > This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.

    Coverage-guided unit test improvement might [with LLMs] be efficient too.

    https://github.com/topics/coverage-guided-fuzzing :

    - e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller

    - Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...

    - oss-fuzz, osv

    Additional ways to improve tests:

    Hypothesis and pynguin generate tests from type annotations.

    There are various tools to generate type annotations for Python code;

    > pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198

    icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:

  • SecurityAdvisories

    :closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily

  • command-injection-payload-list

    🎯 Command Injection Payload List

  • SecGen

    Create randomly insecure VMs

  • safety

    Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

  • Project mention: A Tale of Two Kitchens - Hypermodernizing Your Python Code Base | dev.to | 2023-11-12

    Safety and Dependabot complement these security tools by focusing on external dependencies. Safety takes charge of examining your dependencies, ensuring they are up-to-date and free from any known vulnerabilities. Dependabot works similarly, scanning dependencies, verifying if they're current and assessing them for potential security flaws. This function is crucial as weaknesses in external dependencies can compromise the security of the entire codebase.

  • OWASP-Web-Checklist

    OWASP Web Application Security Testing Checklist

  • writeups

  • herpaderping

    Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

  • RockYou2021.txt

    RockYou2021.txt is a MASSIVE WORDLIST compiled from various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!

  • linux_kernel_cves

    Tracking CVEs for the linux Kernel

  • Project mention: Tracking CVEs for the linux Kernel | /r/kernel | 2023-11-10

  • faction

    Pen Test Report Generation and Assessment Collaboration

  • Project mention: Open Source Security Assessment Collaboration Platform | /r/RedSec | 2023-11-29

  • ssl-checker

    Python script that collects SSL/TLS information from hosts

  • magpie

    A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks. (by openraven)

  • Project mention: Cloud asset tracking | /r/aws | 2023-12-09

    These both do something like what you're looking for....
    https://github.com/cloudquery/cloudquery
    https://github.com/openraven/magpie

  • UnSAFE_Bank

    Vulnerable Banking Suite

  • blog-indexeddb-safari-leaks-demo

    Demo showcasing information leaks resulting from an IndexedDB same-origin policy violation in WebKit.

  • bento

    Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications. (by himazawa)

  • icestick-lpc-tpm-sniffer

    FPGA-based LPC bus sniffing tool for Lattice iCEstick Evaluation Kit

  • Project mention: iCEstick LPC TPM Sniffer | news.ycombinator.com | 2023-09-12

  • sqli-postgres-rce-privesc-hacking-playground

    Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

  • faraday_plugins

    Security tools report parsers for Faradaysec.com

  • kali-dockerized

    Kali Linux in Docker + Ubuntu 22.04 in Docker for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux inside Docker, with or without systemd support; the repository also contains a Proof of Concept with kind (Kubernetes in Docker) to test Kali Linux with systemd enabled in a K8s cluster.

  • Project mention: Kali Linux Dockerized with the support of systemd | news.ycombinator.com | 2023-10-17

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source security-vulnerability projects? This list will help you:

Rank  Project                                        Stars
   1  lynis                                         12,507
   2  vuls                                          10,671
   3  Brakeman                                       6,910
   4  syzkaller                                      5,124
   5  SecurityAdvisories                             2,644
   6  command-injection-payload-list                 2,582
   7  SecGen                                         2,574
   8  safety                                         1,626
   9  OWASP-Web-Checklist                            1,478
  10  writeups                                       1,147
  11  herpaderping                                   1,057
  12  RockYou2021.txt                                  738
  13  linux_kernel_cves                                721
  14  faction                                          352
  15  ssl-checker                                      239
  16  magpie                                           157
  17  UnSAFE_Bank                                      135
  18  blog-indexeddb-safari-leaks-demo                 101
  19  bento                                             76
  20  icestick-lpc-tpm-sniffer                          73
  21  sqli-postgres-rce-privesc-hacking-playground      71
  22  faraday_plugins                                   45
  23  kali-dockerized                                   13
