Top 23 Infosec Open-Source Projects

• routersploit

  11 11,944 6.5 Python

  Exploitation Framework for Embedded Devices

  

• spiderfoot

  19 11,959 4.8 Python

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

• Scout Monitoring

  www.scoutapm.com featured

  Free Django app performance insights with Scout Monitoring. Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.

  

• ffuf

  18 11,618 5.3 Go

  Fast web fuzzer written in Go

  

Project mention: Ask HN: How to find subdomains and paths for a website | news.ycombinator.com | 2024-06-01

• dirsearch

  12 11,412 7.6 Python

  Web path scanner

Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

• DVWA

  35 9,524 8.0 PHP

  Damn Vulnerable Web Application (DVWA)

Project mention: If you're looking for resources pertaining to hands-on practical demonstrations of learned skills and tools/techniques, look no further. | /r/Kalilinux | 2023-11-15

There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop

• Wazuh

  151 9,469 10.0 C

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  

Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

• Red-Teaming-Toolkit

  3 8,617 5.9

  This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• nishang

  15 8,417 0.0 PowerShell

  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Project mention: PowerShell evasion | /r/AskNetsec | 2023-09-24

• rengine

  4 7,074 9.4 Python

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

• traitor

  17 6,531 0.0 Go

  :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12

• cve

  13 6,190 9.8 HTML

  Gather and update all available and newest CVEs with their PoC.

  

Project mention: Strange subdomain found during nmap scan | /r/cybersecurity | 2023-12-06

Did you try using https://trickest.com?

• Awesome-WAF

  3 5,991 2.5 Python

  🔥 Web-application firewalls (WAFs) from security standpoint.

• hetty

  3 5,906 0.0 Go

  An HTTP toolkit for security research.

• bugbounty-cheatsheet

  3 5,598 0.0

  A list of interesting payloads, tips and tricks for bug bounty hunters.

• AllAboutBugBounty

  3 5,458 3.5

  All about bug bounty (bypasses, payloads, and etc)

Project mention: How I hacked chess.com with a rookie exploit | news.ycombinator.com | 2024-01-26

Yeah, pretty close: "On-site request forgery"[0]

[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...

• Infosec_Reference

  10 5,405 4.8 CSS

  An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Project mention: A slightly more fun way to disable windows defender. (through the WSC API) | news.ycombinator.com | 2024-05-24

There's multiple. Here is one I maintain, though am very behind on it.

https://github.com/rmusser01/Infosec_Reference

• DefaultCreds-cheat-sheet

  2 5,358 8.0 Python

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

• awesome-shodan-queries

  3 5,144 0.0

  🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

• awesome-infosec

  16 5,016 0.0

  A curated list of awesome infosec courses and training resources.

Project mention: Ask HN: Guidance starting an infosec careeer from scratch | news.ycombinator.com | 2023-10-12

• awesome-security-hardening

  6 5,028 4.7

  A collection of awesome security hardening guides, tools and other resources

• Awesome-GPT-Agents

  2 4,871 8.8

  A curated list of GPT agents for cybersecurity

Project mention: Fr0gger/Awesome-GPT-Agents: A curated list of GPT agents for cybersecurity | news.ycombinator.com | 2023-11-18

• faraday

  8 4,661 4.7 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• can-i-take-over-xyz

  14 4,506 5.2 Python

  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Infosec related posts

• A slightly more fun way to disable windows defender. (through the WSC API)

  5 projects | news.ycombinator.com | 24 May 2024

• Ronin: Free and Open Source Ruby Toolkit for Security Research and Development

  1 project | news.ycombinator.com | 19 Mar 2024

• Show HN: Toolkit for Reverse Engineers (indetectables-net)

  1 project | news.ycombinator.com | 1 Feb 2024

• Active Directory ACL Visualizer and Explorer

  1 project | news.ycombinator.com | 30 Jan 2024

• Show HN: Pfuzz, a web fuzzer following the Unix philosophy

  6 projects | news.ycombinator.com | 21 Jan 2024

• Show HN: Automatic security lookups from your clipboard

  1 project | news.ycombinator.com | 3 Jan 2024

• Fast web fuzzer written in Go

  1 project | news.ycombinator.com | 24 Dec 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 6 Jun 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

Free Django app performance insights with Scout Monitoring

Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.

www.scoutapm.com