Agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries, Network devices

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Scan git repos for secrets using regex and entropy 🔑

A static analysis security vulnerability scanner for Ruby on Rails applications

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

Daemon to ban hosts that cause multiple authentication errors

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

Automated Mass Exploiter

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Golang security checker

My simple Swiss Army knife for http/https troubleshooting and profiling.

Infection Monkey - An automated pentest tool

syzkaller is an unsupervised coverage-guided kernel fuzzer

Modlishka. Reverse Proxy.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.

Bandit is a tool designed to find common security issues in Python code.

Next generation web scanner

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Source Code Security Audit (源代码安全审计)

Cameradar hacks its way into RTSP videosurveillance cameras

Official Black Hat Arsenal Security Tools Repository

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Linux privilege escalation auditing tool

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

大型内网渗透扫描器&Cobalt Strike，Ladon7.0内置83个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻