Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A static analysis security vulnerability scanner for Ruby on Rails applications

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Web Application Security Scanner Framework

Collaborative Penetration Test and Vulnerability Management Platform

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Source Code Security Audit (源代码安全审计)

Advanced vulnerability scanning with Nmap NSE

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Automated NoSQL database enumeration and web application exploitation tool.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Collection of the most common vulnerabilities found in iOS applications

Cloud Security Posture Management (CSPM)

Collection of github dorks and helper tool to automate the process of checking dorks

pentest framework

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Simple Golang HTTPS/TLS Examples

Open-Source Security Architecture | 开源安全架构

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

被动式漏洞扫描系统

Semi-automatic OSINT framework and package manager

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Web Content Discovery Tool