Top 23 security-vulnerability Open-Source Projects
- lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- vuls: Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- SecurityAdvisories: Security advisories as a simple composer exclusion list, updated daily
- safety: Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
- herpaderping: Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
- RockYou2021.txt: RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!
- magpie: A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks. (by openraven)
- blog-indexeddb-safari-leaks-demo: Demo showcasing information leaks resulting from an IndexedDB same-origin policy violation in WebKit.
- bento: Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications. (by himazawa)
- sqli-postgres-rce-privesc-hacking-playground: Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
- kali-dockerized: Kali Linux in Docker + Ubuntu 22.04 in Docker for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux inside with Docker with or without support with systemd, repository also contains Proof of Concept with kind (Kubernetes in Docker) to test Kali Linux with enabled systemd in K8s cluster
Linux has (free) tools to improve security and detect/remove malware: Lynis, Chkrootkit, Rkhunter, ClamAV, Vuls, LMD, radare2, Yara, ntopng, maltrail, Snort, Suricata...
Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”
Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17
https://arxiv.org/abs/2402.09171 :
> This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.
Coverage-guided unit test improvement might [with LLMs] be efficient too.
https://github.com/topics/coverage-guided-fuzzing :
- e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller
- Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...
- oss-fuzz, osv
Additional ways to improve tests:
Hypothesis and pynguin generate tests from type annotations.
There are various tools to generate type annotations for Python code;
> pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198
icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:
Project mention: A Tale of Two Kitchens - Hypermodernizing Your Python Code Base | dev.to | 2023-11-12
Safety and Dependabot complement these security tools by focusing on external dependencies. Safety takes charge of examining your dependencies, ensuring they are up-to-date and free from any known vulnerabilities. Dependabot works similarly, scanning dependencies, verifying if they're current and assessing them for potential security flaws. This function is crucial as weaknesses in external dependencies can compromise the security of the entire codebase.
They both do something like what you're looking for.... https://github.com/cloudquery/cloudquery https://github.com/openraven/magpie
Project mention: Kali Linux Dockerized with the support of systemd | news.ycombinator.com | 2023-10-17
security-vulnerability related posts
- Vulnerability scanning tools for homelab?
- Tool for Creating Randomized IR Scenarios
- practical command injection - command injection room
- Master's capstone project - home lab + reports
- Any resources for writing production-grade code in Python?
- Survey about Cyber Security/Hacking Lab Platforms
Index
What are some of the best open-source security-vulnerability projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | lynis | 12,507 |
2 | vuls | 10,671 |
3 | Brakeman | 6,910 |
4 | syzkaller | 5,124 |
5 | SecurityAdvisories | 2,644 |
6 | command-injection-payload-list | 2,582 |
7 | SecGen | 2,574 |
8 | safety | 1,626 |
9 | OWASP-Web-Checklist | 1,478 |
10 | writeups | 1,147 |
11 | herpaderping | 1,057 |
12 | RockYou2021.txt | 738 |
13 | linux_kernel_cves | 721 |
14 | faction | 352 |
15 | ssl-checker | 239 |
16 | magpie | 157 |
17 | UnSAFE_Bank | 135 |
18 | blog-indexeddb-safari-leaks-demo | 101 |
19 | bento | 76 |
20 | icestick-lpc-tpm-sniffer | 73 |
21 | sqli-postgres-rce-privesc-hacking-playground | 71 |
22 | faraday_plugins | 45 |
23 | kali-dockerized | 13 |