security-tools

Open-source projects categorized as security-tools
Edit details
Language: + Go + Python + Shell + TypeScript + C++ + Rust + JavaScript + C + Ruby
Topics: Security Pentesting Hacking Cybersecurity Python
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Top 23 security-tool Open-Source Projects

  • x64dbg

    An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

    • Project mention: we need a 2015E revival. | /r/oldrobloxrevivals | 2023-12-07

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • web-check

    🕵️‍♂️ All-in-one OSINT tool for analysing any website

    • Project mention: Web-check: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-03-01

  • personal-security-checklist

    đź”’ A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

    • Project mention: The Personal Security Checklist | news.ycombinator.com | 2024-02-21

    Checklists at https://github.com/Lissy93/personal-security-checklist/blob/...

  • gitleaks

    Protect and discover secrets using Gitleaks 🔑

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    1. Gitleaks: https://github.com/gitleaks/gitleaks Gitleaks provides a way for developers to find and prevent security breaches by scanning Git repositories for secrets like passwords and API keys.

  • trufflehog

    Find and verify secrets

    • Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

    Trufflehog

  • RustScan

    🤖 The Modern Port Scanner 🤖

    • Project mention: RustScan – The Modern Port Scanner | news.ycombinator.com | 2023-08-25

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    • Project mention: Who does check linux distros of malware - open source | /r/linux | 2023-12-10

    Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  • social-analyzer

    API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    • Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10

    now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login

  • scapy

    Scapy: the Python-based interactive packet manipulation program & library.

    • Project mention: Seven Python Projects to Elevate Your Coding Skills | dev.to | 2024-02-15

    Example Network Scanner Scapy

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    1. Prowler: https://github.com/prowler-cloud/prowler Prowler provides security best practices assessments, audits, incident response readiness, and continuous monitoring for AWS environments.

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    • Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

    There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

  • my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

  • sliver

    Adversary Emulation Framework

    • Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05

    IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.

  • Sn1per

    Attack Surface Management Platform

  • gosec

    Go security checker

    • Project mention: Secure Randomness in Go 1.22 | news.ycombinator.com | 2024-05-07

    For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`

    https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...

  • rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

    • Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

    I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

  • Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    • Project mention: First commits in a Ruby on Rails app | dev.to | 2024-01-17

    Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

  • awesome-hacker-search-engines

    A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

  • traitor

    :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

    • Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

security-tools related posts

  • Aggregating all cinema showtimes in Germany with Clojure

    2 projects | news.ycombinator.com | 18 May 2024

  • Secure Randomness in Go 1.22

    3 projects | news.ycombinator.com | 7 May 2024

  • Cloud Security and Resilience: DevSecOps Tools and Practices

    10 projects | dev.to | 1 May 2024

  • Horus: An OSINT / digital forensics tool built in Python (formerly 'Sentinel')

    1 project | news.ycombinator.com | 22 Apr 2024

  • Show HN: Horus – An OSINT / digital forensics tool built in Python

    1 project | news.ycombinator.com | 17 Apr 2024

  • Tracking Snoop Dogg's $4M Crypto Wallet with My New Open Source Tool!

    1 project | dev.to | 13 Apr 2024

  • Introducing EncriptorJS: Secure Text Encryption and Decryption in JavaScript

    1 project | dev.to | 5 Apr 2024
  • A note from our sponsor - SaaSHub
    www.saashub.com | 20 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source security-tool projects? This list will help you:

Project Stars
1 x64dbg 43,298
2 trivy 21,593
3 web-check 19,179
4 personal-security-checklist 15,879
5 gitleaks 15,361
6 trufflehog 14,039
7 RustScan 12,715
8 lynis 12,584
9 spiderfoot 11,842
10 social-analyzer 11,143
11 vuls 10,699
12 Fail2Ban 10,620
13 scapy 10,120
14 prowler 9,649
15 Wazuh 9,318
16 my-arsenal-of-aws-security-tools 8,729
17 sliver 7,700
18 Sn1per 7,577
19 gosec 7,499
20 rengine 7,027
21 Brakeman 6,914
22 awesome-hacker-search-engines 6,767
23 traitor 6,511

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com